Robert McLaws: FunWithCoding.NET

Public Shared Function BrainDump(ByVal dotNet As String) As [Value]

News

<script type="text/javascript"><!-- google_ad_client = "pub-4330602465258980"; google_hints = "ASP.NET, VB.NET, C#, C#.NET, WindowsForms, .NET Framework, VS2005, Visual Studio, XAML, WinFX, Windows Workflow, WPF, WCF, Atlas, NetFX3, Visual Studio Orcas"; google_ad_width = 120; google_ad_height = 240; google_ad_format = "120x240_as"; google_ad_type = "text_image"; google_ad_channel ="4997399242"; google_color_border = "B6C9E7"; google_color_bg = "EFEFEF"; google_color_link = "0000FF"; google_color_text = "000000"; google_color_url = "002C99"; //--></script> <script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js"> </script>
<!--
-->

You should feel free to challenge me, disagree with me, or tell me I'm completely nuts in the comments section of each blog entry, but I reserve the right to delete any comment for any reason whatsoever. That said, I will most likely only delete abusive, profane, rude, or annonymous comments, so keep it polite, please.

Blogroll

Cool .NET Articles

My .NET Tools

My Builder.com Articles

My MSKB Articles

ASP.NET: Authenticated but not Authorized

Does anyone know if there is a built-in way to trigger the Membership/Roles/FormsAuth system to redirect to a separate page if the current user is authenticated, but not authorized to view the current page? Right now I'm handling Application.Authenticate and checking UrlAuthorizationModule.CheckUrlAccessForPrincipal, but I'm not sure that's the best way, and it's not as clean as I'd like. Thanks!

Posted: Dec 04 2006, 01:13 AM by interscape | with 1 comment(s)
Filed under:

Comments

glozano said:

Since the status code will be set to 401 you could use the customErrors section to redirect to a aspx page but if the authentication fails the status code will be set to 401 as well. Therefore in the ASPX where you redirect to you could check if the IsAuthenticated flag is set to true for the current request.

It would off course had been better if Microsoft would make sure that the PostAuthorizeEvent would always be raised regardless whether or not the user is authorized.

# December 4, 2006 5:12 AM