如何prevent IIS7处理HTTP状态code 401？ [英] How to prevent IIS7 for handling HTTP status code 401?

问题描述

我的工作我的ASP.NET MVC 2项目。我创建异常过滤器捕捉时出现的用户不具有权限查看某些操作未授权的访问异常。

  [CustomError（typeof运算（UnauthorizedAccessException），错误，UnauthorizedAccess）]
公共类myController的：BaseController
{
}
 

异常被抛出之后，我的过滤器将转移到配置的控制器/动作就是下面的方法。

 公众的ActionResult UnauthorizedAccess（ExceptionContext上下文）
{
    Response.Status code = CustomHttpStatus code.UnauthorizedUser;    返回查看（模型）;
}
 

最后，在ASP.NET应用程序结束这个请求，它会调用下面的方法位于Global.ascx改变自定义HTTP状态code到HTTP状态401（未授权访问）。

 公共无效Application_EndRequest（对象发件人，EventArgs的发送）
{
    如果（Response.Status code == CustomHttpStatus code.UnauthorizedUser）
    {
        Response.Status code = 401;
    }
}
 

一切都是我的机器做工精细（IIS 7.5）。不过，这并不在我的网站上部署工作。它仍然会返回纯文本的您没有权限查看该目录或页面。，而不是我的自定义错误页。

PS。以下配置是我这种情况下当前的web.config。

 ＆LT;？XML版本=1.0编码=UTF-8＆GT？;
  ＆LT;结构＆gt;
    ＆LT;＆的System.Web GT;
      ＆LT;的customErrors模式=ON＆GT;＆LT; /＆的customErrors GT;
    ＆LT; /system.web>
    ＆LT; system.webServer＆GT;
      ＆LT; httpErrors errorMode =自定义＆GT;
         ＆LT;清除状态code =502子状态code = -  1/＆GT;
         ＆LT;清除状态code =501子状态code = -  1/＆GT;
         ＆LT;清除状态code =500子状态code = -  1/＆GT;
         ＆LT;清除状态code =412子状态code = -  1/＆GT;
         ＆LT;清除状态code =406子状态code = -  1/＆GT;
         ＆LT;清除状态code =405子状态code = -  1/＆GT;
         ＆LT;清除状态code =404子状态code = -  1/＆GT;
         ＆LT;清除状态code =403子状态code = -  1/＆GT;
         ＆LT;清除状态code =401子状态code = -  1/＆GT;
      ＆LT; / httpErrors＆GT;
    ＆LT; /system.webServer>
  ＆LT; /结构＆gt;
 

解决方案

我刚刚发现了这个问题的简单的解决方案。我只是在添加新设置web.config文件中像下面code。一切工作正常在我的网站上部署

 ＆LT;？XML版本=1.0编码=UTF-8＆GT？;
  ＆LT;结构＆gt;
    ＆LT; system.webServer＆GT;
      ＆LT; httpErrors errorMode =自定义existingResponse =直通＆GT;
          ＆LT;清除状态code =502子状态code = -  1/＆GT;
          ＆LT;清除状态code =501子状态code = -  1/＆GT;
          ＆LT;清除状态code =500子状态code = -  1/＆GT;
          ＆LT;清除状态code =412子状态code = -  1/＆GT;
          ＆LT;清除状态code =406子状态code = -  1/＆GT;
          ＆LT;清除状态code =405子状态code = -  1/＆GT;
          ＆LT;清除状态code =404子状态code = -  1/＆GT;
          ＆LT;清除状态code =403子状态code = -  1/＆GT;
          ＆LT;清除状态code =401子状态code = -  1/＆GT;
      ＆LT; / httpErrors＆GT;
    ＆LT; /system.webServer>
  ＆LT; /结构＆gt;
 

因此​​，我既可以在纯文本和JSON响应过创建自定义错误页。

有关详细信息： HttpErrorsSection类

PS。但我不能找到 existingResponse 在IIS管理器中的错误页面的功能属性。

I'm working my ASP.NET MVC 2 project. I create exception filter for catching unauthorized access exception that occur when user does not has permission to view some action.

[CustomError(typeof(UnauthorizedAccessException), "Error", "UnauthorizedAccess")]
public class MyController : BaseController
{
}

After exception has been thrown, my filter will transfer to configured controller/action that is the following method.

public ActionResult UnauthorizedAccess(ExceptionContext context)
{
    Response.StatusCode = CustomHttpStatusCode.UnauthorizedUser;

    return View(model);
}

Finally, before ASP.NET application end this request, it will call the following method that located in Global.ascx for changing custom HTTP status code to HTTP status 401(unauthorized access).

public void Application_EndRequest(object sender, EventArgs e)
{
    if (Response.StatusCode == CustomHttpStatusCode.UnauthorizedUser)
    {
        Response.StatusCode = 401;
    }
}

Everything is work fine on my machine (IIS 7.5). But it does not work on my deploy website. It still return plain text "You do not have permission to view this directory or page." instead of my custom error page.

PS. The following config is my current web.config for this case.

  <?xml version="1.0" encoding="UTF-8"?>
  <configuration>
    <system.web>
      <customErrors mode="On"></customErrors>
    </system.web>
    <system.webServer>
      <httpErrors errorMode="Custom">
         <remove statusCode="502" subStatusCode="-1" />
         <remove statusCode="501" subStatusCode="-1" />
         <remove statusCode="500" subStatusCode="-1" />
         <remove statusCode="412" subStatusCode="-1" />
         <remove statusCode="406" subStatusCode="-1" />
         <remove statusCode="405" subStatusCode="-1" />
         <remove statusCode="404" subStatusCode="-1" />
         <remove statusCode="403" subStatusCode="-1" />
         <remove statusCode="401" subStatusCode="-1" />
      </httpErrors>
    </system.webServer>
  </configuration>

解决方案

I just found easy solution for this problem. I just add new setting in to web.config file like the following code. Everything works fine on my deployment website.

  <?xml version="1.0" encoding="utf-8"?>
  <configuration> 
    <system.webServer>
      <httpErrors errorMode="Custom" existingResponse="PassThrough">
          <remove statusCode="502" subStatusCode="-1" />
          <remove statusCode="501" subStatusCode="-1" />
          <remove statusCode="500" subStatusCode="-1" />
          <remove statusCode="412" subStatusCode="-1" />
          <remove statusCode="406" subStatusCode="-1" />
          <remove statusCode="405" subStatusCode="-1" />
          <remove statusCode="404" subStatusCode="-1" />
          <remove statusCode="403" subStatusCode="-1" />
          <remove statusCode="401" subStatusCode="-1" />
      </httpErrors>
    </system.webServer>
  </configuration>

So I can create custom error page both in plain text and JSON response too.

For more information: HttpErrorsSection Class

PS. But I cannot found existingResponse attribute in Error Pages feature of IIS manager.

这篇关于如何prevent IIS7处理HTTP状态code 401？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！