Home/ Questions/Q 8308449
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-08T18:49:09+00:00

I learned I can redirect the user to a different page like this http://www.asp.net/web-forms/tutorials/security/membership/user-based-authorization-vb

  • 0

I learned I can redirect the user to a different page like this http://www.asp.net/web-forms/tutorials/security/membership/user-based-authorization-vb but I am wondering if there is a better way? Also, how can I just send an error message, instead of doing a redirect to a different view?

For instance, here is my code:

<Authorize(Roles:="Administrator")>
Public Class CompanyController

Could I add something like an error message to this if the user logs in but doesn’t have the right credentials? Could I set an error in the ViewBag.Error? Thanks for your help.

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    The point of the Authorize attribute is to prevent access to the controller action if the user is not allowed. It doesn’t execute the action at all and redirects to the LogOn action by default. The fact that the original action was not executed means that the view was not rendered.

    If you don’t want to get redirected to the LogOn action but create some custom view that will be rendered you could write a custom Authorize attribute and override the HandleUnauthorizedRequest method:

    Public Class MyAuthorizeAttribute
    Inherits AuthorizeAttribute

    Protected Overrides Sub HandleUnauthorizedRequest(filterContext As AuthorizationContext)
        Dim result = New ViewResult()
        result.ViewName = "Forbidden"
        result.ViewBag.ErrorMessage = "oops, you are not allowed"
        filterContext.Result = result
End Sub
End Class

    and then define the ~/Views/Shared/Forbidden.vbhtml view that will be rendered:

    <h3>@ViewBag.ErrorMessage</h3>

    and finally decorate your controller with this custom attribute:

    <MyAuthorize(Roles:="Administrator")>
Public Class CompanyController
    • 0