Hi Dylan,
Your question is a little vague so I've made a couple of assumptions:
namely that you're using ASP.NET 2 hosted in IIS 6. I would hesitate
before trying to write my own security-related code especially in an
internet application; Microsoft provides a lot of this for you inside
IIS and I'd lean towards giving IIS the resposibility of returning 403
Forbidden errors. You can always customise the 403 page to your own
liking by changing your server's configuration. However, if you're dead
keen on rolling your own code, you can use HttpServerUtility.Transfer()
to transfer control to another aspx page. An instance of
HttpServerUtility can be obtained from a System.Web.UI.Page's Server
property. Just don't forget to set the StatusCode property on the
response object of your custom "forbidden" page. Finally, it might be
an idea to centralize your logic: if you throw a new sub type of
Exception to signify that a 403 error page should be displayed, you
could catch this in the Global.asax's Application_Error event handler
(or use the web config's customErrors section).
Cheers,
Jono
Dylan Parry wrote:
Hi folks,
I've been searching for this for some time, but all I seem to be able to
find are pages describing how to set custom error pages, whereas what I
want to do is simply redirect the user to a standard error page.
This pseudo-code demonstrates what I want to do:
if (condition) {
Redirect to 403 error;
}
else {
DoSomethingElse();
}
Any ideas how I would accomplish this?
Cheers,
--
Dylan Parry - http://webpageworkshop.co.uk
Programming, n: A pastime similar to banging one's head
against a wall, but with fewer opportunities for reward.