Roles based Forms Auth - denied pages redirect


  1. #1

    Roles based Forms Auth - denied pages redirect

    I would like to know how, if at all possible, a custom redirect page can be set up for when a user's role(s) are denied to a page.
    The default behaviour seems to be back to the default/login page but I need to tell the user that they are not allowed access to the requested page.
    The site in question is basically just HTML pages that have no code in them, so I cannot use page behind code. I also set permissions to various parts of the site using web.config files and cannot hard-code checking in the pages as this may change.

    This is my second attempt to find out.

    For now I am finding the next 'upstream' web.config in an HttpModule and checking the user's roles against those in the web.config.
    This is far from ideal - surely forms auth should handle this so I do not have to write such code and look up web.config files for each request (I know these could be cached, but still not ideal).

    Thanks in advance ......


    --------------------------
    Shaun Venus

    emailid: sunevnuahs
    domain: hotmail.com
    --------------------------
    Shaun Guest

  3. #2

    RE: Roles based Forms Auth - denied pages redirect

    Shaun,

    Are you trying to do something along the lines of a customErrors page for a
    401? If so, that's not possible.

    Jim Cheshire [MSFT]
    MCP+I, MCSE, MCSD, MCDBA
    Microsoft Developer Support
    [email]jamesche@online.microsoft.com[/email]

    This post is provided "AS-IS" with no warranties and confers no rights.

    Jim Cheshire [MSFT] Guest

  4. #3

    RE: Roles based Forms Auth - denied pages redirect

    Jim,

    Thanks for getting back to me. Here's what I have done so far .....

    I have a site with many different content areas that users can subscribe to. Each of these areas (in its own folder) has a web.config to specify the roles allowed access; the user belongs to the roles allowed for the subscribed areas.

    As I could not find a way to do the custom error page I have used the usual code in global.asax to retrieve the roles that were stored in the UserData of the AuthenticationTicket at login.
    Then an HttpModule is used to look back up the path of the request and find the nearest upstream web.config, from which the roles are extracted using an XPath query. From these I can find out if the user is allowed access to the content.
    Obviously this is not ideal as there is lots of IO in finding the web.config file. I am caching them and working on a way of parsing the request's path to reduce the IO further.

    If this is the only way to go then I will continue down this path. Just a shame that the 'deny' from the web.config cannot be used to trigger a redirect to a custom page - from which I could tell the user they are not subscribed to that content area etc.

    Thanks again for your time,

    Shaun


    --------------------------
    Shaun Venus

    emailid: sunevnuahs
    domain: hotmail.com
    --------------------------


    Shaun Guest

  5. #4

    RE: Roles based Forms Auth - denied pages redirect

    Hi Shaun,

    The fact that you are doing this successfully with an HttpModule confirms a
    post that I just made in another thread. I wasn't sure if it was possible,
    but figured that an HttpModule would be the only possible way.

    Jim Cheshire [MSFT]
    MCP+I, MCSE, MCSD, MCDBA
    Microsoft Developer Support
    [email]jamesche@online.microsoft.com[/email]

    This post is provided "AS-IS" with no warranties and confers no rights.

    Jim Cheshire [MSFT] Guest
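
The HttpModule approach described in posts #3 and #4, sketched as an added example; this is not Shaun's code, which the thread does not show. It walks up from the requested file to the nearest web.config that lists roles, reads them with an XPath query, caches the result, and redirects an authenticated user who holds none of them. Assumptions: .NET Framework 2.0 or later, roles already attached to the principal during AuthenticateRequest (the global.asax step in post #3), a hypothetical `~/NotSubscribed.htm` page, web.config files without a default XML namespace, and only the first `<allow roles="...">` element is read (`<deny>`, `users`, `verbs` and `<location>` are ignored).

```csharp
using System;
using System.Collections.Generic;
using System.IO;
using System.Web;
using System.Xml;

// Added example. It never grants access: the web.config rules remain the enforcing control.
public class RoleDeniedRedirectModule : IHttpModule
{
    const string DeniedPage = "~/NotSubscribed.htm"; // hypothetical; must be readable by every user
    static readonly Dictionary<string, string[]> Cache =
        new Dictionary<string, string[]>(StringComparer.OrdinalIgnoreCase);

    public void Init(HttpApplication app) { app.PostAuthenticateRequest += OnPostAuthenticate; }
    public void Dispose() { }

    static void OnPostAuthenticate(object sender, EventArgs e)
    {
        HttpApplication app = (HttpApplication)sender;
        HttpContext ctx = app.Context;
        // Anonymous users are left to forms authentication (login redirect).
        if (ctx.User == null || !ctx.User.Identity.IsAuthenticated) return;
        string root = ctx.Request.PhysicalApplicationPath.TrimEnd('\\');
        string dir = Path.GetDirectoryName(ctx.Request.PhysicalPath);
        string[] roles = null;
        // Walk up from the requested file until a web.config lists roles.
        for (; roles == null && dir != null && dir.StartsWith(root, StringComparison.OrdinalIgnoreCase);
               dir = Path.GetDirectoryName(dir))
            roles = RolesFrom(Path.Combine(dir, "web.config"));
        if (roles == null) return; // no role rule upstream: nothing to decide here
        foreach (string role in roles)
            if (ctx.User.IsInRole(role.Trim())) return;
        ctx.Response.Redirect(VirtualPathUtility.ToAbsolute(DeniedPage), false);
        app.CompleteRequest();
    }

    // First <allow roles="a,b"> of one web.config, or null; cached until the application restarts.
    static string[] RolesFrom(string configPath)
    {
        lock (Cache)
        {
            string[] roles;
            if (Cache.TryGetValue(configPath, out roles)) return roles;
            XmlDocument doc = new XmlDocument();
            if (File.Exists(configPath)) doc.Load(configPath);
            XmlNode attr = doc.SelectSingleNode("/configuration/system.web/authorization/allow/@roles");
            if (attr != null) roles = attr.Value.Split(',');
            Cache[configPath] = roles;
            return roles;
        }
    }
}
```

Because the module only ever redirects, an error in its simplified rule parsing leaves the request to the built-in URL authorization check instead of exposing content. A web.config that fails to parse raises an exception and the request fails rather than being served.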
