Redirecting users to Custom "Not Authorized" page while implementing Role Based Authorization.

Hi,

When using Forms Authentication with Role Based Authorization, we can restrict users based on their role for different directories/pages.

However, if a user who isn't authorized to view a page tries to view it, he is redirected to the Login page with a ReturnUrl parameter, even though he is already logged in.

That gives the user no idea why he is being sent back to the login page when he has already logged in, and it doesn't tell him that he is not authorized to view that page.

However, we would like to take them to a Custom "You are not authorized to view this section" page.

This can be achieved by a little tweaking of code in the login page.

In the Page_Load event of the Login page, you can check whether the user is authenticated and whether the ReturnUrl querystring parameter is not null. If both hold, we can infer that the user tried to view an unauthorized section and was redirected to the login page.

So if both of the above conditions are true, you can safely Response.Redirect them to your custom "Not authorized" page.

The code for this is as follows:

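    protected void Page_Load(object sender, EventArgs e)
    {
        // Already logged in, yet sent to the login page with a ReturnUrl:
        // the user was refused access to the page named in ReturnUrl.
        if (User.Identity.IsAuthenticated && Request.QueryString["ReturnUrl"] != null)
        {
            Response.Redirect("NotAuthorized.aspx");
        }
    }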

The above is not the only solution and this can be handled using custom HTTP handler events. However, I found this to be a simpler, quicker solution with much less coding effort.

Posted on Monday, April 25, 2005 7:38 AM
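
The check above fires for every logged-in visitor who reaches the login page with a ReturnUrl, including the back-button sequence raised in the first comment below. As an added example (not the author's code), this variant asks ASP.NET's URL authorization whether the current user is actually denied the ReturnUrl target before redirecting. Assumptions: the `Login` code-behind class name is hypothetical, ASP.NET 2.0 or later is in use, and access is governed by `<authorization>` rules in web.config, which is all that `CheckUrlAccessForPrincipal` evaluates.

```csharp
using System;
using System.Web.Security;
using System.Web.UI;

public partial class Login : Page   // hypothetical code-behind class name
{
    protected void Page_Load(object sender, EventArgs e)
    {
        if (IsPostBack || !User.Identity.IsAuthenticated) return;

        string returnUrl = Request.QueryString["ReturnUrl"];
        if (string.IsNullOrEmpty(returnUrl)) return;

        // Redirect only when the logged-in user is really refused the target.
        // If the user is allowed (the back-button case), fall through and
        // render the login form as usual.
        if (IsDeniedByRole(returnUrl))
        {
            Response.Redirect("NotAuthorized.aspx");
        }
    }

    private bool IsDeniedByRole(string returnUrl)
    {
        // ReturnUrl comes from the query string, so anyone can set it.
        // It is used here only for an access check, never as a redirect
        // target. Keep the path part and accept rooted local paths only.
        int q = returnUrl.IndexOf('?');
        string path = q >= 0 ? returnUrl.Substring(0, q) : returnUrl;
        if (!path.StartsWith("/", StringComparison.Ordinal) ||
            path.StartsWith("//", StringComparison.Ordinal))
        {
            return false;
        }

        try
        {
            // True means web.config <authorization> rules allow this user.
            return !UrlAuthorizationModule.CheckUrlAccessForPrincipal(path, User, "GET");
        }
        catch (ArgumentException)
        {
            // Path lies outside the application root: not a role denial.
            return false;
        }
    }
}
```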

Comments on this post

# re: Redirecting users to Custom "Not Authorized" page while implementing Role Based Authorization.

Harish,

I tried this approach but consider the following sequence of events:

Try to access a protected resource before you are logged on
ASP.NET Auto-redirects you to the login page
You log in and are redirected to the protected resource that you do have permission to view
Then hit the "back" button

- You will get redirected to the Not Authorized page instead of having the login screen displayed again. I'm not sure how to get around this!

Left by Duncan Millard on Aug 31, 2005 11:12 AM

# re: Redirecting users to Custom "Not Authorized" page while implementing Role Based Authorization.

If you do not mind "hard coding" the destination url after a user login, this problem can easily be solved.

Insert this code in the login page.

    Protected Sub Login1_LoggedIn(ByVal sender As Object, ByVal e As System.EventArgs) Handles Login1.LoggedIn
        Response.Redirect("default.aspx")
    End Sub

By doing so, the unauthenticated user will ALWAYS be redirected to the default page, instead of the unauthorized page.

Cheers
Left by Jerry Leong on Apr 13, 2006 2:40 AM

# No Redirecting

In the login page I positioned a short message, explaining to the user why (s)he is invited to enter login/password yet again.

( Of course, in the Page_Load event I make this explanation visible or invisible depending on the condition described above: Panel1.Visible = (User.Identity.IsAuthenticated && Request.QueryString["ReturnUrl"] != null); )
Left by Rafail Ahmadisheff on Dec 23, 2007 4:55 AM
