HTTP Error 401.0 - Unauthorized
Hello,
One the 5.1 platform, when Anonymous user is trying to load a page with restricted rights (only for authorized) he gets this error.
HTTP Error 401.0 - Unauthorized
You do not have permission to view this directory or page.
Instead of this error, I would like to send the user to the sign up page.
Here are our current values web.config
<customErrors mode="On" defaultRedirect="~/Login.aspx">
<error statusCode="401" redirect="~/Login.aspx" />
<error statusCode="403" redirect="~/Login.aspx" />
<error statusCode="404" redirect="~/Login.aspx" />
</customErrors>
Here are our current values Global.asax
protected void Application_Error(object sender, EventArgs e)
var currentPage = HttpContext.Current.Request.Url.ToString();
Exception ex = Server.GetLastError();
if (ex.Message == "The remote server returned an error: (401) Unauthorized.")
Response.Redirect("~/login.aspx?returnurl=" + currentPage);
Server.ClearError();
Any help will be greatly appreciated. We've been fighting this issue for too long now and the client's getting grumpy. Thanks!
I just upgraded to 5.2 and now I'm getting those 401.
On the previous version (5.0), I was getting 403, which were handled in global.asax and it work great, but now with 5.2, I get 401 and it doesn't work when trying to catch them in Application_Error.
Recently upgraded a site from 4.3 to 5.2 and now the 401 code in the Global.asax.cs file doesn't run, the other events do. What gives?
Here's the reply I got from support:
[quote]Let's start with how authentication works in Sitefinity. There are two possible situations:You have a user, who's logged in, but doesn't have permissions to see a page. In this case an error of 403 Forbidden is raised.An anonymous user is accessing a page, which is visible for authenticated users only. In this case a 401 Unauthorized error message is generated, which is handled by our source code and results in a 302 response.
The above cases are valid for both Forms and Claims based authentication and their implementation follows the HTTP protocol specification, which can be found here.
In Siteifnity 5.2 there is an event for unauthorized access on front end page, where you can redirect the response depending on your needs. You can take a look on the attached file for an example how to perform the redirect. I hope you will find it useful although it is not just a configuration, but it is much more flexible.
[/quote]
Here's the code from the attached Global.asax:
protected
void
Application_Start(
object
sender, EventArgs e)
Bootstrapper.Initialized +=
new
EventHandler<Telerik.Sitefinity.Data.ExecutedEventArgs>(Bootstrapper_Initialized);
void
Bootstrapper_Initialized(
object
sender, Telerik.Sitefinity.Data.ExecutedEventArgs e)
EventHub.Subscribe<IUnauthorizedPageAccessEvent>(
new
Telerik.Sitefinity.Services.Events.SitefinityEventHandler<IUnauthorizedPageAccessEvent>(OnUnauthorizedAccess));
void
OnUnauthorizedAccess(IUnauthorizedPageAccessEvent unauthorizedEvent)
var url = unauthorizedEvent.Page.Url.TrimStart(
'~'
);
if
(unauthorizedEvent.Page.Title.Contains(
"pp"
))
unauthorizedEvent.HttpContext.Response.Redirect(
"~/p1"
);
else
unauthorizedEvent.HttpContext.Response.Redirect(
"~/"
);
Thanks Pierre! Any chance you still have the attached file they referenced and if so can you add it to the post?
-Ben
I edited my reply to include the code.
Awesome, thanks!
-Ben