ASP.NET MVC应用程序的自定义401错误页面 [英] Custom 401 error page for ASP.NET MVC application
问题描述
我创建了一个使用集成Windows身份验证的ASP.NET MVC应用程序.实现了以下授权逻辑:
I created an ASP.NET MVC application that uses integrated Windows Authentication. The following authorization logic was implemented:
-
尝试通过NTLM从活动目录获取帐户凭据.
Try to get account credentials from active directory through NTLM.
- 如果收到凭据并且Windows帐户具有必需的权限,则执行请求的操作.
- 否则,请转到第2条.
显示Windows身份验证对话框,因此用户可以提供另一个凭据:
Display the Windows authentication dialog, so a user can provide another credentials:
- 如果收到其他凭据,并且用户具有必需的权限,则执行请求的操作.
- 如果未收到其他凭据或帐户权限少于要求的凭据,请重复第2条.
- 如果取消了身份验证对话框,则会显示401错误消息.
然后,我使用 VictorySaber的解决方案为应用程序添加了自定义错误页面:
Then I have added custom error pages for the application, using VictorySaber's solution:
protected void Application_EndRequest()
{
int status = Response.StatusCode;
string actionName;
if (status >= 400 && status < 500)
{
switch (status)
{
case 401:
actionName = "Unauthorized";
break;
// Handle another client errors
default:
actionName = "BadRequest";
break;
}
}
else if (status >= 500 && status < 600)
{
switch (status)
{
case 501:
actionName = "NotImplemented";
break;
// Handle another server errors
default:
actionName = "InternalServerError";
break;
}
}
if (!String.IsNullOrEmpty(actionName))
{
Response.Clear();
var rd = new RouteData();
rd.Values["controller"] = "Errors";
rd.Values["action"] = actionName;
IController c = new ErrorsController();
c.Execute(new RequestContext(new HttpContextWrapper(Context), rd));
}
}
结果是呈现了我的友好错误页面.但是不会出现Windows身份验证对话框.如果出现401 HTTP状态代码,则会立即显示401错误消息. web.config 文件的<httpErrors>部分的技巧给出了相同的结果.
As result my friendly error pages are rendered. But the Windows authentication dialog does not appear. If the 401 HTTP status code occurs it immediately displays 401 error message. The trick with the <httpErrors> section of web.config file gives same result.
此外,我发现提案来捕获 401.2 取消对话框时应出现的HTTP状态代码.但就我而言,代码永远不会发生.
Also, I found proposal to catch the 401.2 HTTP status code that should occur when the dialog is cancelled. But in my case the code never occurs.
如何使用用户友好的错误页面代替默认消息,但不更改身份验证对话框逻辑?
How to use user friendly error pages instead of default messages but don't change authentication dialog logic?
我需要实现以下要求:
- 仅对AD帐户没有必需权限的用户显示Windows身份验证对话框,以允许该用户提供其他凭据.
- 未提供正确的凭据或用户未取消它时,会出现该对话框.
- 仅当用户取消对话框时,才会显示自定义401错误页面.
推荐答案
默认情况下,仅当设置了SetStatus标志时,服务器才会保持响应不变.因此,有必要明确指定当HTTP状态代码为错误时IIS必须如何处理现有响应.
By default the server leaves the response untouched only if the SetStatus flag is set. So, it is necessary to clearly specifiy what IIS must to do with an existing response when the HTTP status code is an error.
One way is to configure the <httpErrors> element of <system.webServer> section in the Web.config file. Just set existingResponse attribute value to PassThrough, so that the server leaves the response untouched if an existing response exists.
<system.webServer>
<!-- configuration settings -->
<httpErrors errorMode="Custom" existingResponse="PassThrough" />
</system.webServer>
如果服务器提示您输入Windows用户帐户凭据,则配置可防止错误页面呈现.这 取消对话框后,响应将替换为错误页面.
The configuration prevent error page rendering if the sever prompts for a Windows user account credentials. The response will be replaced with the error page after the dialog cancellation.
通过HttpResponse的rel =" nofollow noreferrer> TrySkipIisCustomErrors 属性.所以
另外,从问题中将以下行添加到代码中可以解决问题:
The same result could be achieved by disabling of IIS custom errors through TrySkipIisCustomErrors property of HttpResponse. So the
addition the following line to code from the question solves the problem:
Context.Response.TrySkipIisCustomErrors = true;
注意. 由于某种原因,第二种方法在我的生产服务器上不起作用.我认为,这需要其他服务器设置.
这篇关于ASP.NET MVC应用程序的自定义401错误页面的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
