IIS7.5 HttpErrors ExecuteURL 未执行
我完全被这个问题难住了。基本上,我有一个带有自定义 AuthorizeAttribute 的 MVC 页面,如果用户经过身份验证但没有适当的访问权限,则会抛出 403 错误。我遇到的问题是我想将此错误重定向到自定义控制器/操作(/Error/Unauthorized)。
我在 web.config 中添加了以下内容
<httpErrors errorMode="Custom">
<remove statusCode ="403" subStatusCode="-1"/>
<error statusCode="403" path="/Error/Unauthorized" responseMode="ExecuteURL" />
</httpErrors>
使用上述配置,我没有看到默认的 IIS 7.5 403 重定向。然而,我也没有看到任何东西。在 IE 中,它告诉我该网站需要您登录,而 chrome 只显示一个空白页面。
有什么想法吗?
这是自定义授权代码,以防有帮助
public class CustomAuthorize : AuthorizeAttribute
{
//Property to allow array instead of single string.
private string[] _authorizedRoles;
public string[] AuthorizedRoles
{
get { return _authorizedRoles ?? new string[0]; }
set { _authorizedRoles = value; }
}
protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
{
base.HandleUnauthorizedRequest(filterContext);
if (filterContext.HttpContext.Request.IsAuthenticated)
{
filterContext.HttpContext.Response.TrySkipIisCustomErrors = true;
filterContext.Result = new HttpStatusCodeResult(403);
}
}
protected override bool AuthorizeCore(HttpContextBase httpContext)
{
if (httpContext == null)
throw new ArgumentNullException("httpContext");
if (!httpContext.User.Identity.IsAuthenticated)
return false;
//Check to see if any of the authorized roles fits into any assigned roles only if roles have been supplied.
if (AuthorizedRoles.Any(httpContext.User.IsInRole))
return true;
return false;
}
}
I am thoroughly stumped on this one. Basically, I have an MVC page with a custom AuthorizeAttribute that throws a 403 error if a user is authenticated, but does not have appropriate access. The problem I am having is that I would like to redirect this error to a custom controller/action (/Error/Unauthorized).
I have added the following in my web.config
<httpErrors errorMode="Custom">
<remove statusCode ="403" subStatusCode="-1"/>
<error statusCode="403" path="/Error/Unauthorized" responseMode="ExecuteURL" />
</httpErrors>
With the above configuration, I do not see the default IIS 7.5 403 redirect. However, I also do not see anything. In IE, it tells me that the website requires you to login and chrome just shows me a blank page.
Any ideas?
Here is the custom authorization code in case that might help
public class CustomAuthorize : AuthorizeAttribute
{
//Property to allow array instead of single string.
private string[] _authorizedRoles;
public string[] AuthorizedRoles
{
get { return _authorizedRoles ?? new string[0]; }
set { _authorizedRoles = value; }
}
protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
{
base.HandleUnauthorizedRequest(filterContext);
if (filterContext.HttpContext.Request.IsAuthenticated)
{
filterContext.HttpContext.Response.TrySkipIisCustomErrors = true;
filterContext.Result = new HttpStatusCodeResult(403);
}
}
protected override bool AuthorizeCore(HttpContextBase httpContext)
{
if (httpContext == null)
throw new ArgumentNullException("httpContext");
if (!httpContext.User.Identity.IsAuthenticated)
return false;
//Check to see if any of the authorized roles fits into any assigned roles only if roles have been supplied.
if (AuthorizedRoles.Any(httpContext.User.IsInRole))
return true;
return false;
}
}
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
好吧,我不确定这是否真的正确,但它符合我的症状。 http://forums.asp.net/t/1462153.aspx/1
我不高兴必须对重定向进行编码,但我尝试使其至少明确以方便将来的可维护性。
OK, I am not sure if this is truly correct or not, but it fits my symptoms. http://forums.asp.net/t/1462153.aspx/1
I am not happy that I have to code the redirect, but I tried to make it at least explicit for future maintainability.