Home/ Questions/Q 8864805
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-14T16:20:40+00:00

If a membership user try to get access to a specific folder and it

  • 0

If a membership user try to get access to a specific folder and it is now allowed by roles, the system is redirected to /Account/Index and asks for login and password again.

I would like to change that behavior since the user is already logged in and I just want to redirect to another /controller/action.

Could I get some help from here?
Thanks in advance.

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    I do something similar in all of my web applications. If a user has authenticated, but does not meet the security requirements to view the page I throw an HTTP 403 exception and then display a specific view for the 403 exceptions.

    This is the snippet from my custom authorize attribute:

    protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext) {
    if (filterContext.HttpContext.Request.IsAuthenticated) {
        //If the user is authenticated, but not authorized to view the requested page (i.e. not a member of the correct group), return an HTTP 403 exception.
        throw new HttpException(403, string.Format("The user {0} was not authorized to view the following page: {1}", filterContext.HttpContext.User.Identity.Name, filterContext.HttpContext.Request.Url));
    } else {
        base.HandleUnauthorizedRequest(filterContext);
    }
}

    And here is the snippet from my Global.asax where I actually perform the view response (this assumes an ErrorController exists and then a view called Error403:

    protected void Application_Error() {
    var exception = Server.GetLastError();
    var httpException = exception as HttpException;

    Response.Clear();
    Server.ClearError();

    var routeData = new RouteData();
    routeData.Values["controller"] = "Error";
    routeData.Values["action"] = "Error500";

    Response.StatusCode = 500;
    Response.TrySkipIisCustomErrors = true;

    if (httpException != null) {
        Response.StatusCode = httpException.GetHttpCode();
        switch (Response.StatusCode) {
            case 403:
                routeData.Values["action"] = "Error403";
                break;
            case 404:
                routeData.Values["action"] = "Error404";
                routeData.Values["message"] = httpException.Message;
                break;
            case 500:
                routeData.Values["action"] = "Error500";
                break;
        }
    }

    IController errorsController = new ErrorController();
    var rc = new RequestContext(new HttpContextWrapper(Context), routeData);
    errorsController.Execute(rc);
}
    • 0