I want to send users to an Access Denied page rather than the Login
page when they are authenticated but not authorized to see a specific
page while using Forms based authentication in ASP.Net.
the solution in VB is to check the status code in the
Global_EndRequest method of the Global.asax. However, in c# you have
to add your own method to the EndRequest event rather than using the
standard Application_EndRequest that exists in the global.asax.
Has anyone else seen this bahavior?
Can anyone explain this behavior?
Is this a bug?
Code in the Global.asax:
protected void Application_EndRequest(Object sender, EventArgs e)
{
System.Diagnostics.Debug.WriteLine("Application_En dRequest");
System.Diagnostics.Debug.WriteLine("URL: " +
HttpContext.Current.Request.Url.AbsolutePath.ToStr ing());
System.Diagnostics.Debug.WriteLine("Staus Code: " +
HttpContext.Current.Response.StatusCode);
System.Diagnostics.Debug.WriteLine("Authenticated: " +
HttpContext.Current.User.Identity.IsAuthenticated) ;
}
protected void Global_EndRequest(Object sender, EventArgs e)
{
System.Diagnostics.Debug.WriteLine("Global_EndRequ est");
System.Diagnostics.Debug.WriteLine("URL: " +
HttpContext.Current.Request.Url.AbsolutePath.ToStr ing());
System.Diagnostics.Debug.WriteLine("Staus Code: " +
HttpContext.Current.Response.StatusCode);
System.Diagnostics.Debug.WriteLine("Authenticated: " +
HttpContext.Current.User.Identity.IsAuthenticated) ;
}
#region Web Form Designer generated code
/// <summary>
/// Required method for Designer support - do not modify
/// the contents of this method with the code editor.
/// </summary>
private void InitializeComponent()
{
this.EndRequest += new
System.EventHandler(this.Global_EndRequest);
}
#endregion
Result:
Global_EndRequest
URL: /WebAuthentication/authenticated/Role4Only.aspx
Staus Code: 401
Authenticated: True
Application_EndRequest
URL: /WebAuthentication/authenticated/Role4Only.aspx
Staus Code: 302
Authenticated: True