ASP.NET MVC redirect to an access denied page using a custom role provider

asp.net-mvc asp.net-membership roleprovider
André Miranda picture André Miranda · Aug 14, 2009 · Viewed 38.2k times · Source

I'm creating a custom role provider and I set a Authorize attribute specifying a role in my controller and it's working just fine, like this:

[Authorize(Roles="SuperAdmin")]
public class SuperAdminController : Controller
...

But when an user doens't have access to this controller, he's redirected to login page. How can I redirect him to a "AcessDenied.aspx" page?

Answer

eu-ge-ne picture eu-ge-ne · Aug 14, 2009 
[AccessDeniedAuthorize(Roles="SuperAdmin")]
public class SuperAdminController : Controller

AccessDeniedAuthorizeAttribute.cs:

public class AccessDeniedAuthorizeAttribute : AuthorizeAttribute
{
    public override void OnAuthorization(AuthorizationContext filterContext)
    {
        base.OnAuthorization(filterContext);

        if(filterContext.Result is HttpUnauthorizedResult)
        {
            filterContext.Result = new RedirectResult("~/AcessDenied.aspx");
        }
    }
}

Related questions

How to assign Profile values?

I don't know what I am missing, but I added Profile properties in the Web.config file but cannot access Profile.Item in the code or create a new profile.

Read More
How to initialize database with Entity Framework and Membership tables

I have a MVC4 web application that use Entity Framework 5.0 Code First. In Global.asax.cs I have a bootstrapper that initialize the Entity.Database, force the database to be initialized and initialize the database for the Membership. The code …

Read More
ASP.NET MVC 4 Web API Authentication with Membership Provider

I have an ASP.NET MVC 4 Project using the Web API. On the controller I have set the class to require authorization using the [Authorize] attribute. For Authentication I am using the ASP.NET Membership Provider and have my Web.…

Read More