1

I am using Windows Authentication in my MVC application with the WindowsTokenRoleProvider. I created a controller action that looks like:

[Authorize(Roles=@"Fake\Role")]
public ActionResult Admin()
{
    return View();
}

When I try and hit this page I see a blank page. Is there a way for me to display a custom view that says "You are not authorized to view this page" isntead of just showing a blank page. If I was using forms authentication then it would redirect me to the login page, but that doesn't really make sense for Windows Authentication since you never really log in specifically.

Improve this question
3
  • 1
    possible duplicate of Redirecting unauthorized controller in ASP.NET MVC Commented Sep 1, 2011 at 16:42
  • @dlev I'm not sure if this is actually a duplicate. That question while not specifically mentioning Forms Auth seems to be entirely focused on forms auth. This is about windows auth. Commented Sep 1, 2011 at 16:44
  • @Chris The answer to the linked question talks about setting a different Result in a custom AuthorizationFilter, which is a good way to go about this. Commented Sep 1, 2011 at 16:46

1 Answer 1

Reset to default
1

You most likely are not getting a blank page (I'm not absolutely certain). You are most likely getting a http response that has no content, but has a 403 not authorized status code.

Assuming this is accurate, all you need to do is setup in ASP.NET custom errors (and IIS custom errors) is a redirect rule for 403 codes to the appropriate page.

Improve this answer
Sign up to request clarification or add additional context in comments.

7 Comments

Ah you're probably right. It appears as a blank page in IE :)
I added a customerrors section with both 403 and 404 error codes. If i type an invalid address then it will redirect me to my 404 page, but when I try and view the page I'm not authorized to see, I still see a blank page. I can't use fiddler because I don't have admin priveleges to install on my machine. How can I tell if it's really a 403?
Firebug in Firefox, or the developer tools in IE9 and Chrome should also let you see the response code. If none of those work, you should be able to use curl to directly call the url. Also did you set both the IIS custom errors AND asp.net custom errors?
And ouch for not being a local admin on your machine as a developer. That's a requirement for my employment, any company that refuses to give me a proper working environment which includes local admin, VS2010, resharper, and a high powered machine I will refuse to work for.
I just got the machine and it's an error...it will be corrected :)
|

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.