0

I have ASP.NET MVC4 project with custom AuthorizeAttribute to control the authorization. In order to explain my situation easier I created a dummy project to illustrate the issue.

I have one single controller

using System.Web.Mvc;
using MvcApplication2.Helper;
using MvcApplication2.Models;

namespace MvcApplication2.Controllers
{
    public class HomeController : Controller
    {
        public ActionResult Index()
        {
            var model = new ViewModel();

            return View(model);
        }

        [HttpPost]
        public ActionResult Index(ViewModel model)
        {
            Session["ModelValue"] = model.InputValue;

            return RedirectToAction("Step2");
        }

        [MyAuthorize]
        public ActionResult Step2()
        {
            return View();
        }
    }
}

The purpose is very simple, From Index I accept some input, store the value in a session and redirect to Step2. I have my authorize attribute on step 2. The code for my attribute is

using System;
using System.Web;
using System.Web.Mvc;

namespace MvcApplication2.Helper
{
    [AttributeUsage(AttributeTargets.Class | AttributeTargets.Method, AllowMultiple = true)]
    public class MyAuthorizeAttribute : AuthorizeAttribute
    {
        protected override bool AuthorizeCore(HttpContextBase httpContext)
        {
            if (httpContext.Session["ModelValue"] == null)
            {
                return false;
            }
            else
            {
                string inputValue = httpContext.Session["ModelValue"] as string;

                if (inputValue != "1")
                {
                    return false;
                }
                else
                {
                    return true;
                }
            }
        }
    }
}

The purpose is very simple, check if the session value is 1 or not.

Run the application, you input 1 in textbox and you see step2 view, if you input anything else you get the default 401.0 page.

Now I opened the web.config file to include

  <system.web>
    <customErrors mode="On" defaultRedirect="~/Error">
      <error statusCode="401" redirect="~/401.htm" />
    </customErrors>

    <compilation debug="true" targetFramework="4.0" />

  </system.web>

I hope when the application captures 401 code, I should see the content of 401.htm. But the reality is that I still get the default 401 error display from server.

Any idea why?

hardywang
  • 4,864
  • 11
  • 65
  • 101

1 Answers1

1

In addition use this:

      <system.webServer>
        <httpErrors>
          <error statusCode="401" path="~/Home/Login"/>
          <error statusCode="404" path="~/Error/NotFound"/>
        </httpErrors>
</system.webServer>
Nemmy
  • 121
  • 7
  • I does not seem to work, I added ` ` in my web.cofnig, and it still shows default system 401 page in my IIS Express 8.5 – hardywang Nov 26 '14 at 21:38
  • I cannot see your code but I can only suggest you make sure httpErrors is in system.webServer tag. Also consider using controller/action path instead of an htm page and you do not need the remove tag. Please let me know if it worked. – Nemmy Nov 30 '14 at 12:34
  • I have included `httpErrors` in `system.webServer` already, it does not make any difference. Any regarding the static file or MVC controller/action in the configure file, the only difference is the that which one is to be loaded, it should not impact the functionality, correct? – hardywang Dec 01 '14 at 14:02
  • To be honest I never tried using static files but it should be very easy to find out if that's what make the difference. just change it to any controller\action and see if it does work. Also dont use the remove tag because it night be deleting the new error tag. – Nemmy Dec 02 '14 at 11:17