S
SkidMarks
Hi Everyone,
I'm probably just missing something simple, but in our Visual Studio 2003
projects, we are using a custom HttpModule to handle the authentication for
our applications against a central single signon server.
By adding some code into our Global.asax.cs file, we are also able to send a
user to an "Access Denied" page if they correctly authenticate, but are not
authorized to view the application.
I have been playing around with Visual Studio 2005 and can't figure out how
to incorporate the same functionality. I have modified my Global.asax (in
the script view since the codebehind window is gone) like so, but no luck...
The problem I'm having with VS 2005 is that the Response.StatusCode is always
302, even when they aren't authorized to view the page. In Visual Studio
2003, it will give me the expected 401 when they are not authorized to view
the page. Any thoughts / suggestions? Or, is there a better way to do this?
Thanks!
David
*** Global.asax ***
public override void Init()
{
this.EndRequest += new System.EventHandler(this.Global_EndRequest);
}
void Global_EndRequest(Object sender, EventArgs e)
{
//This checks to see if user is authenticated but not authorized
//to view current page. If so, redirects to an access denied page.
if (User.Identity.IsAuthenticated && Response.StatusCode == 401)
{
string destURL = Request.Url.GetLeftPart(UriPartial.Authority)
+ Request.ApplicationPath
+ "/AuthFailed.aspx?FailedPage="
+ Request.Url.ToString();
Response.Redirect(destURL);
}
}
*** End snippet ***
I'm probably just missing something simple, but in our Visual Studio 2003
projects, we are using a custom HttpModule to handle the authentication for
our applications against a central single signon server.
By adding some code into our Global.asax.cs file, we are also able to send a
user to an "Access Denied" page if they correctly authenticate, but are not
authorized to view the application.
I have been playing around with Visual Studio 2005 and can't figure out how
to incorporate the same functionality. I have modified my Global.asax (in
the script view since the codebehind window is gone) like so, but no luck...
The problem I'm having with VS 2005 is that the Response.StatusCode is always
302, even when they aren't authorized to view the page. In Visual Studio
2003, it will give me the expected 401 when they are not authorized to view
the page. Any thoughts / suggestions? Or, is there a better way to do this?
Thanks!
David
*** Global.asax ***
public override void Init()
{
this.EndRequest += new System.EventHandler(this.Global_EndRequest);
}
void Global_EndRequest(Object sender, EventArgs e)
{
//This checks to see if user is authenticated but not authorized
//to view current page. If so, redirects to an access denied page.
if (User.Identity.IsAuthenticated && Response.StatusCode == 401)
{
string destURL = Request.Url.GetLeftPart(UriPartial.Authority)
+ Request.ApplicationPath
+ "/AuthFailed.aspx?FailedPage="
+ Request.Url.ToString();
Response.Redirect(destURL);
}
}
*** End snippet ***