How To Raise 401 Error In Asp.net
here for a quick overview of the site Help Center Detailed answers to any questions you might have Meta Discuss the workings and policies of this site About Us Learn more about Stack Overflow the company Business Learn more about hiring developers or posting ads with us Stack Overflow Questions Jobs Documentation Tags Users Badges Ask Question x Dismiss Join the Stack Overflow Community Stack Overflow is a community of 4.7 million programmers, just like you, helping each other. Join them; it only takes a minute: Sign up How to generate an 401 error programatically in an ASP.NET page up vote 27 down vote favorite 8 As you can see this is a question from a non web developer. I would like to have an ASPX page which, under certain circumstances, can generate a 401 error from code. Ideally it would show the IIS standard page. Any ideas are welcome. c# asp.net iis asp.net-2.0 share|improve this question edited Jan 14 '14 at 15:35 Rap 4,21712667 asked Oct 20 '08 at 6:53 Detlef D. Doerscheln 2963713 add a comment| 5 Answers 5 active oldest votes up vote 38 down vote accepted Set Response.StatusCode and then - if you need to stop execution - call Response.End(). share|improve this answer answered Oct 20 '08 at 7:00 Jon Skeet 901k48765347461 add a comment| up vote 42 down vote Response.StatusCode = 401; Response.End(); share|improve this answer answered Oct 20 '08 at 7:00 Mark Cidade 71.5k23181212 5 I've no idea why this has been voted down - it's pretty much the same as my (voted up) answer, just in code form. Sure, it doesn't have the links which may be useful, but it's still a perfectly good answer... –Jon Skeet Oct 20 '08 at 7:10 I totally agree with Jon. Since I can't accept two answers, I accepted Jon's answer and voted up this one. The are a few things I should figure out by myself though but it gave me a head start. Thanks! –Detlef D. Doerscheln Oct 20 '08 at 9:08 2 It was probably voted down because it was submitted just after @jon's so it looked like a piggy-back answer (although they were both written simultaneously). Thanks for the upvotes though : ) –Mark Cidade Oct 20 '08 at 9:11 The problem this Jon's approach, and this one, is that Forms authentication will see someone trying to return 401, intercept it, re-write it as 302. So rather than returning 401, the user agent is presented 302 Found. –Ian Boyd Feb 18 at 22:18 add a comment| up vote 33 down vote I think I still prefer: throw new HttpException(401, "Auth Failed") I don't think the Response.StatusCode method triggers custom errors defined in the web.config file, e.g.
I force 401 error when user not authenticated? - ASP.NET Security Currently I have succesfully implemented role-based folder security using roles and web.config http://www.justskins.com/forums/can-i-force-401-a-65751.html in each folder. This works great - if a user is not authenticated or a member of an allowed role, that user cannot access the resource (woohoo!). When the http://www.ozkary.com/2014/05/custom-error-page-401-access-denied.html disallowed user tries to access the resource, it redirects them to a login page. What I want is that, when an unauthorized user tries to access a secure how to resource, I want it to raise a 401 error (which would then call my 401 customer error page). Can I do this? In my web.config for the application, I have: Page 401 Access Denied when Using Windows Authentication ASP.NET provides us with the ability to add custom pages for HTTP errors via Web.config CustomErrors tag. This however does not work when we try to handle the 401 error under Windows authentication. The reason for this is that this error (401) is raised during the Authorization request event on the HttpApplication process pipeline (see below), and Custom error settings are processed during the Action Method invocation (ASP.NET Handler.ProcessRequest event). HTTP Process Pipeline HTTP 401 Error browser Interaction The common interaction between the browser and the server is as follows: The browser sends request with no authentication tokens. The server responds with a 401.2 HTTP error. The browser send authentication tokens if the user is already logged. If the user is not, the browser shows a login dialog. Even if the user is logged on, but he does not have the required role for this access, the server returns a 401.2 error and displays the Access Denied Page. To provide a custom page for the Access Denied error, we should implement the following:Use httpErrors Configuration settings Allow Anonymous Access to content Allow Anonymous Access to controller actions Use httpErrors Configuration settings