Roles based Forms Auth - denied pages redirect

Shaun

I would like to know how, if at all possible, a custom redirect page can be set up for when a user's role(s) are denied to a page.
The default behaviour seems to be back to the default/login page but I need to tell the user that they are not allowed the access they requested.
The site in question is basically just HTML pages that have no code in them, so I cannot use page behind code. I also set permissions to various parts of the site using web.config files and cannot hard-code checking in the pages as this may change.

This is my second attempt to find out.

For now I am finding the next 'upstream' web.config in an HttpModule and checking the user's roles against those in the web.config.
This is far from ideal - surely forms auth should handle this so I do not have to write such code and look up web.config files for each request (I know these could be cached, but still not ideal).

Thanks in advance ......


--------------------------
Shaun Venus

emailid: sunevnuahs
domain: hotmail.com
--------------------------
 
Jim Cheshire [MSFT]

Shaun,

Are you trying to do something along the lines of a customErrors page for a
401? If so, that's not possible.

Jim Cheshire [MSFT]
MCP+I, MCSE, MCSD, MCDBA
Microsoft Developer Support
(e-mail address removed)

This post is provided "AS-IS" with no warranties and confers no rights.

Shaun

Jim,

Thanks for getting back to me. Here's what I have done so far .....

I have a site with many different content areas that users can subscribe to. Each of these areas (in its own folder) has a web.config to specify the roles allowed access; the user belongs to the roles allowed for the subscribed areas.

As I could not find a way to do the custom error page, I have used the usual code in global.asax to retrieve the roles that were stored in the UserData of the AuthenticationTicket at login.
Then an HttpModule is used to look back up the path of the request and find the nearest upstream web.config, from which the roles are extracted using an XPath query. From these I can find out if the user is allowed access to the content.
Obviously this is not ideal as there is lots of IO in finding the web.config file. I am caching them and working on a way of parsing the request's path to reduce the IO further.

If this is the only way to go then I will continue down this path. Just a shame that the 'deny' from the web.config cannot be used to trigger a redirect to a custom page - from which I could tell the user they are not subscribed to that content area etc.

Thanks again for your time,

Shaun


--------------------------
Shaun Venus

emailid: sunevnuahs
domain: hotmail.com
--------------------------
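
Added example (not code from the thread, and not Microsoft's): one way to write the HttpModule described in the post above, in C# for ASP.NET 2.0 or later, since it relies on `PostAuthenticateRequest` running after the roles have been attached to the principal and before URL authorization. The class name and `~/denied.htm` are assumptions; `verbs` attributes and `<location>` elements are not handled. The `<deny>` rules stay in web.config, so built-in URL authorization still enforces access whenever this module finds no matching rule, and the module only changes where a denied, signed-in user lands.

```csharp
using System;
using System.Collections.Generic;
using System.IO;
using System.Web;
using System.Web.Caching;
using System.Xml;
public class RoleDeniedRedirectModule : IHttpModule   // added example; names are assumptions
{
    const string DeniedPage = "~/denied.htm";   // assumed page; must be readable by every signed-in user
    public void Init(HttpApplication app) { app.PostAuthenticateRequest += OnPostAuthenticate; }
    public void Dispose() { }
    static void OnPostAuthenticate(object sender, EventArgs e)
    {
        HttpContext ctx = ((HttpApplication)sender).Context;
        string denied = VirtualPathUtility.ToAbsolute(DeniedPage);
        if (ctx.User == null || !ctx.User.Identity.IsAuthenticated) return;   // anonymous: forms auth sends to login
        if (string.Equals(ctx.Request.Path, denied, StringComparison.OrdinalIgnoreCase)) return;   // no redirect loop
        string root = ctx.Request.PhysicalApplicationPath.TrimEnd('\\');
        // Nearest web.config first, then upstream; the first matching rule decides.
        for (string dir = Path.GetDirectoryName(ctx.Request.PhysicalPath);
             dir != null && dir.StartsWith(root, StringComparison.OrdinalIgnoreCase);
             dir = Path.GetDirectoryName(dir))
            foreach (string[] rule in LoadRules(ctx.Cache, Path.Combine(dir, "web.config")))
            {
                if (!Matches(rule, ctx.User)) continue;
                if (rule[0] == "deny") ctx.Response.Redirect(denied, true);   // fixed local target, ends the request
                return;                                                       // an allow rule matched
            }
    }
    static bool Matches(string[] rule, System.Security.Principal.IPrincipal user)
    {
        foreach (string u in rule[1].Split(','))   // users="..." ("?" never matches a signed-in user)
            if (u.Trim() == "*" || string.Equals(u.Trim(), user.Identity.Name, StringComparison.OrdinalIgnoreCase)) return true;
        foreach (string r in rule[2].Split(','))   // roles="..."
            if (r.Trim().Length > 0 && user.IsInRole(r.Trim())) return true;
        return false;
    }
    static List<string[]> LoadRules(Cache cache, string file)
    {
        List<string[]> rules = cache[file] as List<string[]>;
        if (rules != null) return rules;
        rules = new List<string[]>();
        XmlDocument doc = new XmlDocument();
        if (File.Exists(file)) doc.Load(file);   // a folder without web.config contributes no rules
        foreach (XmlElement x in doc.SelectNodes("/configuration/system.web/authorization/*"))
            rules.Add(new string[] { x.Name, x.GetAttribute("users"), x.GetAttribute("roles") });
        cache.Insert(file, rules, new CacheDependency(file));   // evicted when the file changes or appears
        return rules;
    }
}
```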


Jim Cheshire [MSFT]

Hi Shaun,

The fact that you are doing this successfully with an HttpModule confirms a
post that I just made in another thread. I wasn't sure if it was possible,
but figured that an HttpModule would be the only possible way.

Jim Cheshire [MSFT]
MCP+I, MCSE, MCSD, MCDBA
Microsoft Developer Support
(e-mail address removed)

This post is provided "AS-IS" with no warranties and confers no rights.
