Sending a 403 response

Martin Robins · Mar 7, 2006

I have an application which uses Windows Authentication to identify users
and ensure that they are on a domain. Once access is granted at this level,
I then check their login name against a database of validated users to
determine whether the particular user can actually use the system.

If a user is not in the database, I want to respond with the same error page
as would be seen if they failed the windows authentication; the 403
forbidden access page. I have tried setting Response.StatusCode to 403 and
then calling Response.End() but this simply leaves the client with an empty
page. How do I have IIS automatically divert to whatever the current 403
page on the site is?

Cheers.

Juan T. Llibre · Mar 7, 2006

re:

I have tried setting Response.StatusCode to 403 and then calling Response.End() but this simply
leaves the client with an empty page.

How do I have IIS automatically divert to whatever the current 403 page on the site is?

You could copy the 403 page to your application,
from drive:\WINDOWS\Help\iisHelp\common , and response.redirect to it
if the client fails authentication in the database of validated users.

You could also raise an exception, based on the client not being found in
your database of validated users, and response.redirect based on that.

Martin Robins · Mar 7, 2006

Am I to take it then that there is no built in support for this?

(BTW: ASP.net 2.0)

Guest · Mar 7, 2006

Martin,

C:\WINDOWS\Help\iisHelp\common
Copy the page to your application for maximum portability.
response.redirect("403-2.htm")

Good Luck
DWS

PS Please vote for one of my designs "The Hand is Quicker Than the Eye" or
"Software" http://blog.mix06.com/contest/gallery/default.aspx

Thanks
DWS

Juan T. Llibre · Mar 7, 2006

Raising an exception, based on the client not being found in your database
of validated users, and response.redirecting based on that is an ASP.NET 2.0
way of doing what you want to do.

ASP.NET doesn't have anything to do with HTTP Status Codes. IIS does.

In order for an IIS status code exception to be redirected to a custom page,
it has to be handled by IIS itself.

Http 403 Response, rather than default.aspx, when site's root requested	8	Jul 25, 2009
How to submit form after calling curl post	4	Jan 1, 2023
Sending data from web page to Raspberry Pi	0	Nov 26, 2022
403: Forbidden when sending client certificate to remove web servi	1	May 22, 2009
HTTP Error 403 - Forbidden Error -asp.net	0	Apr 8, 2009
Sending a file to Response	2	Sep 19, 2007
Membership Security 403 - how to direct to Custom page instead of Login page	4	Jun 24, 2007
Why no 403 error for Forms Auth?	2	Dec 1, 2003

Sending a 403 response

Martin Robins

Juan T. Llibre

Martin Robins

Guest

Juan T. Llibre

Ask a Question

Similar Threads

Members online

Forum statistics

Latest Threads