Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others

Categories

0 votes
702 views
in Technique[技术] by (71.8m points)

asp.net mvc 2 - How to prevent IIS7 for handling HTTP status code 401?

I'm working my ASP.NET MVC 2 project. I create exception filter for catching unauthorized access exception that occur when user does not has permission to view some action.

[CustomError(typeof(UnauthorizedAccessException), "Error", "UnauthorizedAccess")]
public class MyController : BaseController
{
}

After exception has been thrown, my filter will transfer to configured controller/action that is the following method.

public ActionResult UnauthorizedAccess(ExceptionContext context)
{
    Response.StatusCode = CustomHttpStatusCode.UnauthorizedUser;

    return View(model);
}

Finally, before ASP.NET application end this request, it will call the following method that located in Global.ascx for changing custom HTTP status code to HTTP status 401(unauthorized access).

public void Application_EndRequest(object sender, EventArgs e)
{
    if (Response.StatusCode == CustomHttpStatusCode.UnauthorizedUser)
    {
        Response.StatusCode = 401;
    }
}

Everything is work fine on my machine (IIS 7.5). But it does not work on my deploy website. It still return plain text "You do not have permission to view this directory or page." instead of my custom error page.

PS. The following config is my current web.config for this case.

  <?xml version="1.0" encoding="UTF-8"?>
  <configuration>
    <system.web>
      <customErrors mode="On"></customErrors>
    </system.web>
    <system.webServer>
      <httpErrors errorMode="Custom">
         <remove statusCode="502" subStatusCode="-1" />
         <remove statusCode="501" subStatusCode="-1" />
         <remove statusCode="500" subStatusCode="-1" />
         <remove statusCode="412" subStatusCode="-1" />
         <remove statusCode="406" subStatusCode="-1" />
         <remove statusCode="405" subStatusCode="-1" />
         <remove statusCode="404" subStatusCode="-1" />
         <remove statusCode="403" subStatusCode="-1" />
         <remove statusCode="401" subStatusCode="-1" />
      </httpErrors>
    </system.webServer>
  </configuration>
See Question&Answers more detail:os

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome To Ask or Share your Answers For Others

1 Reply

0 votes
by (71.8m points)

I just found easy solution for this problem. I just add new setting in to web.config file like the following code. Everything works fine on my deployment website.

  <?xml version="1.0" encoding="utf-8"?>
  <configuration> 
    <system.webServer>
      <httpErrors errorMode="Custom" existingResponse="PassThrough">
          <remove statusCode="502" subStatusCode="-1" />
          <remove statusCode="501" subStatusCode="-1" />
          <remove statusCode="500" subStatusCode="-1" />
          <remove statusCode="412" subStatusCode="-1" />
          <remove statusCode="406" subStatusCode="-1" />
          <remove statusCode="405" subStatusCode="-1" />
          <remove statusCode="404" subStatusCode="-1" />
          <remove statusCode="403" subStatusCode="-1" />
          <remove statusCode="401" subStatusCode="-1" />
      </httpErrors>
    </system.webServer>
  </configuration>

So I can create custom error page both in plain text and JSON response too.

For more information: HttpErrorsSection Class

PS. But I cannot found existingResponse attribute in Error Pages feature of IIS manager.


与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
OGeek|极客中国-欢迎来到极客的世界,一个免费开放的程序员编程交流平台!开放,进步,分享!让技术改变生活,让极客改变未来! Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Click Here to Ask a Question

...