Common Handling of Unauthorized Access to Website Page?

Cesar San Jose · December 2013

Is there a common way of handling unauthorized access to website pages? We have a page that should only allow users with a certain access feature to view (we handle the access point as well but that is in JavaScript and can easily be duped). When we return an HTTP response of 401, a blank page is displayed instead of a user friendly message.

Andrew Gerber · December 2013

There are an assortment of views we use for similar purposes... one of these might work for you: -
BlockView.aspx -
ContentCannotBeDisplayed.aspx -
UnauthorizedDocumentView.aspx -
PageNotFoundInSession.aspx Otherwise, you could probably just create one with the message you need. It probably makes sense to create a generic page that allows custom text. The HTML/styling you want should probably match `
BlockView.aspx` to be consistent with the rest of the app.

James Greene · December 2013

Typically a `401` response results in the user being redirected to the sign on screen, so I'm curious where the blank page is coming from.

Cesar San Jose · December 2013

When it fails the access control check, we return a 401 error. We don't construct a viewmodel. In the base controller, if the viewmodel is null then it does nothing.

James Greene · December 2013

Oh, OK, I didn't realize you were talking about the Website server-side part of the flow.

Cesar San Jose · December 2013

Thank you! I'll try one of these.

Cesar San Jose · December 2013

Thank you!

Common Handling of Unauthorized Access to Website Page?

Best Answer

Answers

Categories