Forbidden - how?


Axel Dahmen

Hi,

in one of my pages I want to return "403 Forbidden" to the client depending
on some logic in my .aspx code-behind. So I set "Response.Status = 403". But
apparently IE seems to ignore the status and displays the page as usual.

When I cancel the output using Response.End(), nothing is displayed on the
browser, but actually what I'm expecting is this usual white page showing
the "Forbidden ask your administrator..." text.

What did I do wrong?

TIA,
Axel Dahmen
 
You might make this change directly in IIS. Go to the Custom Errors tab on
the Properties dialog for IIS. Note that IIS will always process website
errors like 403s and 404s first before using any methods within your
application.

One suggestion would be to replace the HTML files used within IIS with your
own ASPX files so you can control your own error messages.

Hope this helps!
 
Hi Axel,

You can throw an HttpException providing the status code.

Best,
 
By the time the page gets to ASP.Net, it's too late to have IIS map the
request to the default 403 forbidden page (the page displayed to the browser
is an actual page on the server).

You can see this by going into IIS and seeing the Custom Errors tab. One
solution is to simply output the html you want:

    Response.Write("<h2>Go Away</h2>");
    Response.End();

or you might be able to use the <error> element of the web.config:
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/cpgenref/html/gngrferror.asp

Not sure if this latter trick will work.

Karl
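
The two suggestions above (write the HTML yourself and end the response, or throw an HttpException), shown as an added example that is not code from any poster in this thread. The class name, the role name "ReportReaders" and the message text are assumptions made for illustration.

```csharp
using System;
using System.Web;
using System.Web.UI;

// Hypothetical code-behind class for a protected page.
public class ReportPage : Page
{
    protected void Page_Load(object sender, EventArgs e)
    {
        // Decide before any page content is rendered.
        if (!IsAllowed(Context))
        {
            Deny(Response, "You do not have access to this report.");
        }
        // ... normal page logic for permitted callers ...
    }

    // Assumption: access is decided by a role named "ReportReaders".
    private static bool IsAllowed(HttpContext context)
    {
        return context.User != null
            && context.User.Identity.IsAuthenticated
            && context.User.IsInRole("ReportReaders");
    }

    // Option 1: send the 403 with a body of our own, then stop processing.
    private static void Deny(HttpResponse response, string message)
    {
        response.ClearContent();                  // drop anything already buffered
        response.StatusCode = 403;                // integer status code
        response.StatusDescription = "Forbidden";
        response.ContentType = "text/html";
        response.Write("<html><body><h2>403 Forbidden</h2><p>"
            + HttpUtility.HtmlEncode(message) + "</p></body></html>");
        response.End();                           // without this the page still renders
    }

    // Option 2: let ASP.NET's error handling produce the response.
    private static void DenyByException()
    {
        throw new HttpException(403, "Forbidden");
    }
}
```

Setting the status without ending the response leaves the rest of the page in the output, so the protected content is still sent to the client alongside the 403.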
 
Thanks, guys, for your valuable help! Actually until now I believed that
this page was generated by the browser somehow. I'm running a German W2K/IIS
so the 403.htm will always appear in German - well, or I would have to go
through the effort of translating the page myself... :(

Just out of curiosity: What's the status code good for if the webserver can
send any content it likes anyway?

TIA,
Axel Dahmen

------------------
 
There are some status codes that force the browser to behave, such as 302
(redirect). You'd have to read the HTTP RFC to figure out your answer in
greater detail.

Karl
 