0

I have an issue where there are two levels of exception handling happening.

I make an ajax request using jQuery, and from the server I throw back custom error exceptions; which is basically a statuscode 500 error.

This is picked up dynamically on my login page that I'm creating for things like, "user does not exist" or "password does not match". The user is not redirected to a new page, the status is simply updated as a status update. This currently works.

However, if the user successfully logs in, they get redirected to a page. This new page looks at whether or not a user has assigned roles to view a page or not. Since customerrors from the web.config was turned off, users would be taken to a yellow page of death; signifying that a user doesn't not have permissions or access is denied.

The logical way to handle this is by redirecting a page for 403 errors and configuring that in web.config:

<customErrors mode="RemoteOnly">    
    <error statusCode="403"   redirect="~/accessdenied.aspx"/>
</customErrors>

Now this works if users don't have sufficient roles, but by going back to the original thing with jQuery handling 500 error requests, I get empty messages and throws a javascript error that it doesn't know how to parse the error response.

Here's a similar question asked on stackoverflow, but it never helped:

jQuery ajax in ASP.NET with customErrors mode="On"

The difference between my question and that question is that the login handles the 403 and 500 errors. By my login handles 500 errors, and is taken to a new page that handles 403 errors. Adding changes to the web.config changes the entire site in error handling.

So to summarize.. with customerrors mode = off, jQuery exception works, but custom 403 redirects don't. With customerrors mode = on. jQuery exceptions don't work, but 403 redirect does.

Is there any ways to fix this that anyone can come up with? One way I thought was for the login to handle 403 as well, and hope that roles matched from login will match roles in the incoming page. But I'm iffy on that because the login system resides on a different system than the page its redirecting to.

4

1 回答 1

0

好吧,我选择摆脱 customerror,只是从服务器抛出一个自定义的 403 异常,javascript 将拦截该异常。然后我重定向到一个拒绝访问的页面。

所以这是我的 C# 代码

if (!allowedRoles)
{
     Logout();
     throw new HttpException(403, "User does not have permissions to view this page");
}

然后在我的jQuery中:

function onLoginError(error, textStatus) {
    var jsonErrorData = JSON.parse(error.responseText).Message;
    $('#status').text(jsonErrorData );
}

和我的 web.config

<customErrors mode="Off"></customErrors>
于 2013-06-03T22:17:42.870 回答