如何防止IIS7处理HTTP状态码401？ [英] How to prevent IIS7 for handling HTTP status code 401?

问题描述

我正在使用我的ASP.NET MVC 2项目。我创建异常过滤器来捕获用户没有权限查看某些操作时发生的未经授权的访问异常。

  [CustomError（typeof （UnauthorizedAccessException），错误，UnauthorizedAccess）] 
 public class MyController：BaseController 
 {
} 
  

抛出异常后，我的过滤器将转移到以下方法的配置控制器/操作。

  public ActionResult UnauthorizedAccess（ExceptionContext context）
 {
 Response.StatusCode = CustomHttpStatusCode.UnauthorizedUser; 
 
 return View（model）; 
} 
  

最后，在ASP.NET应用程序结束此请求之前，它将调用以下方法位于Global.ascx中，用于将自定义HTTP状态代码更改为HTTP状态401（未经授权的访问）。

  public void Application_EndRequest对象发件人，EventArgs e）
 {
 if（Response.StatusCode == CustomHttpStatusCode.UnauthorizedUser）
 {
 Response.StatusCode = 401; 
} 
} 
  

一切都在我的机器上工作正常（IIS 7.5） 。但它在我的部署网站上不起作用。它仍然返回纯文本您没有权限查看此目录或页面。而不是我的自定义错误页面。

PS。以下配置是我当前这个case的web.config。

 <？xml version =1.0encoding =UTF -8\" >？; 
< configuration> 
< system.web> 
< customErrors mode =On>< / customErrors> 
< /system.web> 
< system.webServer> 
< httpErrors errorMode =自定义> 
< remove statusCode =502subStatusCode = -  1/> 
< remove statusCode =501subStatusCode = -  1/> 
< remove statusCode =500subStatusCode = -  1/> 
< remove statusCode =412subStatusCode = -  1/> 
< remove statusCode =406subStatusCode = -  1/> 
< remove statusCode =405subStatusCode = -  1/> 
< remove statusCode =404subStatusCode = -  1/> 
< remove statusCode =403subStatusCode = -  1/> 
< remove statusCode =401subStatusCode = -  1/> 
< / httpErrors> 
< /system.webServer> 
< / configuration> 
  

解决方案

我刚刚找到了解决这个问题的简单方法。我只是添加新的设置到web.config文件，如下面的代码。一切都可以在我的部署网站上运行。

  <？xml version =1.0encoding =utf-8？> ; 
< configuration> 
< system.webServer> 
< httpErrors errorMode =CustomexistingResponse =PassThrough> 
< remove statusCode =502subStatusCode = -  1/> 
< remove statusCode =501subStatusCode = -  1/> 
< remove statusCode =500subStatusCode = -  1/> 
< remove statusCode =412subStatusCode = -  1/> 
< remove statusCode =406subStatusCode = -  1/> 
< remove statusCode =405subStatusCode = -  1/> 
< remove statusCode =404subStatusCode = -  1/> 
< remove statusCode =403subStatusCode = -  1/> 
< remove statusCode =401subStatusCode = -  1/> 
< / httpErrors> 
< /system.webServer> 
< / configuration> 
  

所以我可以在纯文本和JSON响应中创建自定义错误页面。

有关详细信息： HttpErrorsSection Class

PS。但是我无法在IIS管理器的错误页面功能中找到 existingResponse 属性。

I'm working my ASP.NET MVC 2 project. I create exception filter for catching unauthorized access exception that occur when user does not has permission to view some action.

[CustomError(typeof(UnauthorizedAccessException), "Error", "UnauthorizedAccess")]
public class MyController : BaseController
{
}

After exception has been thrown, my filter will transfer to configured controller/action that is the following method.

public ActionResult UnauthorizedAccess(ExceptionContext context)
{
    Response.StatusCode = CustomHttpStatusCode.UnauthorizedUser;

    return View(model);
}

Finally, before ASP.NET application end this request, it will call the following method that located in Global.ascx for changing custom HTTP status code to HTTP status 401(unauthorized access).

public void Application_EndRequest(object sender, EventArgs e)
{
    if (Response.StatusCode == CustomHttpStatusCode.UnauthorizedUser)
    {
        Response.StatusCode = 401;
    }
}

Everything is work fine on my machine (IIS 7.5). But it does not work on my deploy website. It still return plain text "You do not have permission to view this directory or page." instead of my custom error page.

PS. The following config is my current web.config for this case.

  <?xml version="1.0" encoding="UTF-8"?>
  <configuration>
    <system.web>
      <customErrors mode="On"></customErrors>
    </system.web>
    <system.webServer>
      <httpErrors errorMode="Custom">
         <remove statusCode="502" subStatusCode="-1" />
         <remove statusCode="501" subStatusCode="-1" />
         <remove statusCode="500" subStatusCode="-1" />
         <remove statusCode="412" subStatusCode="-1" />
         <remove statusCode="406" subStatusCode="-1" />
         <remove statusCode="405" subStatusCode="-1" />
         <remove statusCode="404" subStatusCode="-1" />
         <remove statusCode="403" subStatusCode="-1" />
         <remove statusCode="401" subStatusCode="-1" />
      </httpErrors>
    </system.webServer>
  </configuration>

解决方案

I just found easy solution for this problem. I just add new setting in to web.config file like the following code. Everything works fine on my deployment website.

  <?xml version="1.0" encoding="utf-8"?>
  <configuration> 
    <system.webServer>
      <httpErrors errorMode="Custom" existingResponse="PassThrough">
          <remove statusCode="502" subStatusCode="-1" />
          <remove statusCode="501" subStatusCode="-1" />
          <remove statusCode="500" subStatusCode="-1" />
          <remove statusCode="412" subStatusCode="-1" />
          <remove statusCode="406" subStatusCode="-1" />
          <remove statusCode="405" subStatusCode="-1" />
          <remove statusCode="404" subStatusCode="-1" />
          <remove statusCode="403" subStatusCode="-1" />
          <remove statusCode="401" subStatusCode="-1" />
      </httpErrors>
    </system.webServer>
  </configuration>

So I can create custom error page both in plain text and JSON response too.

For more information: HttpErrorsSection Class

PS. But I cannot found existingResponse attribute in Error Pages feature of IIS manager.

这篇关于如何防止IIS7处理HTTP状态码401？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！