I'm working my ASP.NET MVC 2 project. I create exception filter for catching unauthorized access exception that occur when user does not has permission to view some action.
[CustomError(typeof(UnauthorizedAccessException), "Error", "UnauthorizedAccess")]
public class MyController : BaseController
{
}
After exception has been thrown, my filter will transfer to configured controller/action that is the following method.
public ActionResult UnauthorizedAccess(ExceptionContext context)
{
Response.StatusCode = CustomHttpStatusCode.UnauthorizedUser;
return View(model);
}
Finally, before ASP.NET application end this request, it will call the following method that located in Global.ascx for changing custom HTTP status code to HTTP status 401(unauthorized access).
public void Application_EndRequest(object sender, EventArgs e)
{
if (Response.StatusCode == CustomHttpStatusCode.UnauthorizedUser)
{
Response.StatusCode = 401;
}
}
Everything is work fine on my machine (IIS 7.5). But it does not work on my deploy website. It still return plain text "You do not have permission to view this directory or page." instead of my custom error page.
PS. The following config is my current web.config for this case.
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
<system.web>
<customErrors mode="On"></customErrors>
</system.web>
<system.webServer>
<httpErrors errorMode="Custom">
<remove statusCode="502" subStatusCode="-1" />
<remove statusCode="501" subStatusCode="-1" />
<remove statusCode="500" subStatusCode="-1" />
<remove statusCode="412" subStatusCode="-1" />
<remove statusCode="406" subStatusCode="-1" />
<remove statusCode="405" subStatusCode="-1" />
<remove statusCode="404" subStatusCode="-1" />
<remove statusCode="403" subStatusCode="-1" />
<remove statusCode="401" subStatusCode="-1" />
</httpErrors>
</system.webServer>
</configuration>
See Question&Answers more detail:
os 与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
