将未经授权的用户重定向到自定义页面错误

时间:2012-07-20 10:34:54

标签: c# asp.net

我正在尝试在未经授权的用户访问管理员页面时将其重定向到自定义页面但我收到错误..

Web.Config管理员文件夹

<?xml version="1.0"?>
<configuration>
  <system.web>
    <authorization>
      <allow roles="Administrators" />
      <deny users="*"/>
    </authorization>
  </system.web>
</configuration>

登录页面代码:

protected void Page_Load(object sender, EventArgs e)
        {
            if (!Page.IsPostBack)
            {
                if (Request.IsAuthenticated && !string.IsNullOrEmpty(Request.QueryString["ReturnUrl"]))
                    Response.Redirect("~/ErrorUNTH.aspx");
            }
}

错误登录为NORMAL USER并访问管理员页面后:

Server Error in '/' Application.
Runtime Error
Description: An application error occurred on the server. The current custom error settings for this application prevent the details of the application error from being viewed remotely (for security reasons). It could, however, be viewed by browsers running on the local server machine.

Details: To enable the details of this specific error message to be viewable on remote machines, please create a <customErrors> tag within a "web.config" configuration file located in the root directory of the current web application. This <customErrors> tag should then have its "mode" attribute set to "Off".


<!-- Web.Config Configuration File -->

<configuration>
    <system.web>
        <customErrors mode="Off"/>
    </system.web>
</configuration>


Notes: The current error page you are seeing can be replaced by a custom error page by modifying the "defaultRedirect" attribute of the application's <customErrors> configuration tag to point to a custom error page URL.


<!-- Web.Config Configuration File -->

<configuration>
    <system.web>
        <customErrors mode="RemoteOnly" defaultRedirect="mycustompage.htm"/>
    </system.web>
</configuration>

2 个答案:

答案 0 :(得分:2)

删除<deny users="*"/>并添加<deny users="?"/>

  1. ? - 匿名用户
  2. * - 所有用户

    3. 从<{1}}事件中移除代码。

    如果用户未登录,则会自动重定向到 login.aspx 。请查看根Page_Load的{​​{1}}部分。

    <authentication>

答案 1 :(得分:0)

您可以通过在Global.asax.cs的Application_EndRequest事件中添加以下代码来操作“401 Access Denied”响应的内容(如果是这种情况):

protected void Application_EndRequest(Object sender, 
                                             EventArgs e)
  { 
     HttpContext context = HttpContext.Current;
     if (context.Response.Status.Substring(0,3).Equals("401"))
     {
        context.Response.ClearContent();
        context.Response.Write("<script language="javascript">" + 
                     "self.location='../login.aspx';</script>");
     } 
  }

当浏览器识别401并且没有凭据时,将发生客户端重定向。浏览器将显示自定义的401页面。

相关问题
最新问题