Set 403 error page in MVC

Saboor Awan picture Saboor Awan · Aug 11, 2011 · Viewed 24.1k times · Source

I overrides the class to perform custom Authorization

[AttributeUsage(AttributeTargets.Class | AttributeTargets.Method, Inherited = true, AllowMultiple = true)]
public class AuthorizeAttribute : System.Web.Mvc.AuthorizeAttribute
{
    protected override void HandleUnauthorizedRequest(System.Web.Mvc.AuthorizationContext filterContext)
    {
        if (filterContext.HttpContext.Request.IsAuthenticated)
        {
            filterContext.Result = new System.Web.Mvc.HttpStatusCodeResult(403);
        }
        else
        {
            base.HandleUnauthorizedRequest(filterContext);
        }
    }
}

now in web.config i have configured the 403 error page

<customErrors defaultRedirect="/Shared/Error" mode="On">
  <error statusCode="403" redirect="/Shared/UnAuthorize" />
</customErrors>

but the browser still shows me default error page for 403, what i am missing here, any idea

Answer

Kevin Cloet picture Kevin Cloet · Aug 11, 2011

Just a small hint/note besides Max B. answer:

When I'm using custom errors I make an ErrorsController, and a UnAuthorize ActionResult and do the following:

<error statusCode="403" redirect="/Errors/UnAuthorize" />

This way I can add extra information or do other actions in my controller, for example:

  • Like logging to the database that someone tried to access an authenticated area.
  • Error counting.
  • Maybe a bug or report form that they can use to send the admin information.
  • ...

This way you have some more control on what's happening.