I have an MVC solution which works with authorization for certain URLs based on the logged-in user.
I had managed this problem by using a protected method on the parent controller which checks if a user is administrator or not. This is the code:

    [Authorize]
    public abstract class ConfigurationController<E> : Controller where E : IPersistentVM, new()
    {
        //SOME OTHER CODE RIGHT HERE
        protected ActionResult CheckPermission(string url, SPDCSS.Model.Rules.Enums.Permission.Permissions permission)
        {
            var user = Helper.GetLoggedInUser();
            if (user.UserTypeId == (int)SPDCSS.Model.Rules.Enums.UserType.UserTypes.Administrator)
            {
                return View(url);
            }
            throw new UnauthorizedAccessException("Access Denied.");
        }
    }

And then, each inherited class calls this method this way:

    namespace SPDCSS.Management.Web.Application.Controllers.Configuration
    {
        public class ChartController : ConfigurationController<ChartVM>
        {
            public ActionResult Chart()
            {
                return CheckPermission("~/Views/Configuration/Chart.cshtml", M.Enums.Permission.Permissions.Chart);
            }
            //MORE CODE HERE...
        }
    }

The problem is that I want to redirect to a specific view when I throw this exception, and I saw that most people do it in the web.config file. I did it this way, but it is not working:

    <system.web>
      <customErrors mode="RemoteOnly" defaultRedirect="~/Views/Shared/Error.cshtml">
        <error statusCode="403" redirect="~/Views/Shared/UnauthorizedAccess.cshtml" />
      </customErrors>
      <!-- # some other code # -->
    </system.web>

I think that maybe the problem is with the status code which I had specified, but I don't know what to use there. Any ideas about where the problem is?
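
An added example, not part of the original post: an unhandled `UnauthorizedAccessException` reaches the client as HTTP 500, so a `statusCode="403"` entry never matches it. One alternative is to do the role check in an authorization filter that renders the view with a real 403. It assumes `Helper.GetLoggedInUser()` and the `UserTypes` enum behave as in the post; the attribute name `AdministratorOnlyAttribute` is hypothetical.

```csharp
using System;
using System.Web;
using System.Web.Mvc;

// Added example (not the poster's code): role check as an MVC authorization filter.
[AttributeUsage(AttributeTargets.Class | AttributeTargets.Method)]
public sealed class AdministratorOnlyAttribute : AuthorizeAttribute
{
    // View path taken from the post's web.config.
    private const string DeniedView = "~/Views/Shared/UnauthorizedAccess.cshtml";

    protected override bool AuthorizeCore(HttpContextBase httpContext)
    {
        // Keep the stock [Authorize] behaviour: the user must be authenticated.
        if (!base.AuthorizeCore(httpContext))
        {
            return false;
        }

        // Assumption: the post's helper returns null or a user with UserTypeId.
        var user = Helper.GetLoggedInUser();
        return user != null &&
               user.UserTypeId == (int)SPDCSS.Model.Rules.Enums.UserType.UserTypes.Administrator;
    }

    protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
    {
        if (!filterContext.HttpContext.Request.IsAuthenticated)
        {
            // Anonymous request: default 401, which forms auth turns into a login redirect.
            base.HandleUnauthorizedRequest(filterContext);
            return;
        }

        // Authenticated but not an administrator: render the denied view as a 403.
        var response = filterContext.HttpContext.Response;
        response.StatusCode = 403;
        response.TrySkipIisCustomErrors = true; // keep IIS from replacing the body
        filterContext.Result = new ViewResult { ViewName = DeniedView };
    }
}
```

Applied as `[AdministratorOnly]` on `ConfigurationController<E>` in place of `[Authorize]`, the filter runs before any action, so an action that forgets to call `CheckPermission` is still covered.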