I overrides the class to perform custom Authorization
[AttributeUsage(AttributeTargets.Class | AttributeTargets.Method, Inherited = true, AllowMultiple = true)]
public class AuthorizeAttribute : System.Web.Mvc.AuthorizeAttribute
{
protected override void HandleUnauthorizedRequest(System.Web.Mvc.AuthorizationContext filterContext)
{
if (filterContext.HttpContext.Request.IsAuthenticated)
{
filterContext.Result = new System.Web.Mvc.HttpStatusCodeResult(403);
}
else
{
base.HandleUnauthorizedRequest(filterContext);
}
}
}
now in web.config i have configured the 403 error page
<customErrors defaultRedirect="/Shared/Error" mode="On">
<error statusCode="403" redirect="/Shared/UnAuthorize" />
</customErrors>
but the browser still shows me default error page for 403, what i am missing here, any idea
Just a small hint/note besides Max B. answer:
When I'm using custom errors I make an ErrorsController
, and a UnAuthorize ActionResult and do the following:
<error statusCode="403" redirect="/Errors/UnAuthorize" />
This way I can add extra information or do other actions in my controller, for example:
This way you have some more control on what's happening.