0

I have an MVC application, which uses claims authorization, based on great tutorial available here. In the code I override CheckAccess method of ClaimsAuthorizationManager to implement my own logic against each resource and action

public class CustomAuthorisationManager : ClaimsAuthorizationManager
{
    public override bool CheckAccess(AuthorizationContext context)
    {
        string resource = context.Resource.First().Value;
        string action = context.Action.First().Value;

        if (action == "Show" && resource == "Code")
        {
            bool livesInScotland = context.Principal.HasClaim(ClaimTypes.Country, "Scotland");
            return livesInScotland;
        }

        return false;
    }
}

And everything works fine, apart of the fact that whenever CheckAccess method returns false I get HTTP Error 401.0 – Unauthorized, which as I have read can be handled only by IIS. My question is, how can I handle this error in code to display custom error page to the user. I have seen many different solutions, like here, or here, but have never managed to make it work for me.

Bartosz
  • 4,542
  • 11
  • 43
  • 69

1 Answers1

0

You could implement IHttpModule. A guide to implement one can be found here. The good thing about httpmodule is that you can catch almost any HTTP response and do what you want with it.

Or you can look at this SO question. Maybe you will like it better.

Community
  • 1
  • 1
pepo
  • 8,644
  • 2
  • 27
  • 42
  • I have tried the IHttpModule solution but my application doesn't see the module. Are you sure it can be used within MVC. With regards to the second solution, its referring only to 404 and 500 errors, which are handled by ASP, while as far as I'm aware, 401 gets resolved by IIS (see here: http://patrickdesjardins.com/blog/asp-net-mvc-http-error-401-0-unauthorized) – Bartosz Apr 16 '14 at 14:34
  • HttpModule steps in at IIS level, not MVC. But when you are debugging your application debugger will step into the module if you have a breakpoint there. Did you have problems with it? We have registered the module in `` and set ` `. We had no problems with it. – pepo Apr 16 '14 at 19:23