如何防止 IIS7 处理 HTTP 状态码 401? [英] How to prevent IIS7 for handling HTTP status code 401?

问题描述

我正在处理我的 ASP.NET MVC 2 项目.我创建了异常过滤器来捕获当用户无权查看某些操作时发生的未经授权的访问异常.

I'm working my ASP.NET MVC 2 project. I create exception filter for catching unauthorized access exception that occur when user does not has permission to view some action.

[CustomError(typeof(UnauthorizedAccessException), "Error", "UnauthorizedAccess")]
public class MyController : BaseController
{
}

抛出异常后，我的过滤器将转移到配置的控制器/动作，即以下方法.

After exception has been thrown, my filter will transfer to configured controller/action that is the following method.

public ActionResult UnauthorizedAccess(ExceptionContext context)
{
    Response.StatusCode = CustomHttpStatusCode.UnauthorizedUser;

    return View(model);
}

最后，在 ASP.NET 应用程序结束此请求之前，它会调用位于 Global.ascx 中的以下方法将自定义 HTTP 状态码更改为 HTTP 状态 401(未授权访问).

Finally, before ASP.NET application end this request, it will call the following method that located in Global.ascx for changing custom HTTP status code to HTTP status 401(unauthorized access).

public void Application_EndRequest(object sender, EventArgs e)
{
    if (Response.StatusCode == CustomHttpStatusCode.UnauthorizedUser)
    {
        Response.StatusCode = 401;
    }
}

在我的机器(IIS 7.5)上一切正常.但它不适用于我的部署网站.它仍然返回纯文本您无权查看此目录或页面."而不是我的自定义错误页面.

Everything is work fine on my machine (IIS 7.5). But it does not work on my deploy website. It still return plain text "You do not have permission to view this directory or page." instead of my custom error page.

PS.以下配置是我当前针对此案例的 web.config.

PS. The following config is my current web.config for this case.

  <?xml version="1.0" encoding="UTF-8"?>
  <configuration>
    <system.web>
      <customErrors mode="On"></customErrors>
    </system.web>
    <system.webServer>
      <httpErrors errorMode="Custom">
         <remove statusCode="502" subStatusCode="-1" />
         <remove statusCode="501" subStatusCode="-1" />
         <remove statusCode="500" subStatusCode="-1" />
         <remove statusCode="412" subStatusCode="-1" />
         <remove statusCode="406" subStatusCode="-1" />
         <remove statusCode="405" subStatusCode="-1" />
         <remove statusCode="404" subStatusCode="-1" />
         <remove statusCode="403" subStatusCode="-1" />
         <remove statusCode="401" subStatusCode="-1" />
      </httpErrors>
    </system.webServer>
  </configuration>

推荐答案

可以通过两种方式传递IIS7默认错误信息

You can pass through IIS7 default error messages in two ways

一种是设置response.TrySkipIisCustomErrors为true

One is to set response.TrySkipIisCustomErrors to be true

response.TrySkipIisCustomErrors = true;
response.Status = response.Status;

由于某种原因，如果您不设置 response.Status，则不会使用 TrySkipIisCustomErrors.

For some reason, TrySkipIisCustomErrors is not honoured if you don't set response.Status.

另一种是在web.config中设置existingResponse为PassThrough"

The other is to set existingResponse to "PassThrough" in web.config

<configuration>
  <system.webServer>
    <httpErrors existingResponse="PassThrough" />
  </system.webServer>
</configuration>

但这会忽略所有设置的 IIS 自定义错误页面.

But this will ignore all set IIS custom error pages.

这篇关于如何防止 IIS7 处理 HTTP 状态码 401?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！