+1-888-365-2779
Try Now
More in this section

Forums / General Discussions / HTTP Error 401.0 - Unauthorized

HTTP Error 401.0 - Unauthorized

7 posts, 0 answered
  1. David Bruce Muir
    David Bruce Muir avatar
    15 posts
    Registered:
    07 Nov 2008
    31 Aug 2012
    Link to this post
    Hello,

    One the 5.1 platform, when Anonymous user is trying to load a page with restricted rights (only for authorized) he gets this error.

    HTTP Error 401.0 - Unauthorized
    You do not have permission to view this directory or page.


    Instead of this error, I would like to send the user to the sign up page.


    Here are our current values web.config

          <customErrors mode="On" defaultRedirect="~/Login.aspx">
              <error statusCode="401" redirect="~/Login.aspx" />
              <error statusCode="403" redirect="~/Login.aspx" />
              <error statusCode="404" redirect="~/Login.aspx" />
          </customErrors>   


    Here are our current values Global.asax

            protected void Application_Error(object sender, EventArgs e)
            {
                var currentPage = HttpContext.Current.Request.Url.ToString();
                Exception ex = Server.GetLastError();
                if (ex.Message == "The remote server returned an error: (401) Unauthorized.")
                {
                    Response.Redirect("~/login.aspx?returnurl=" + currentPage);
                    Server.ClearError();
                }
        }

    Any help will be greatly appreciated.  We've been fighting this issue for too long now and the client's getting grumpy.  Thanks!
  2. Pierre Alain
    Pierre Alain avatar
    38 posts
    Registered:
    10 Jun 2008
    13 Nov 2012 in reply to David Bruce Muir
    Link to this post
    I just upgraded to 5.2 and now I'm getting those 401.

    On the previous version (5.0), I was getting 403, which were handled in global.asax and it work great, but now with 5.2, I get 401 and it doesn't work when trying to catch them in Application_Error.
  3. Ben
    Ben avatar
    44 posts
    Registered:
    27 Sep 2012
    21 Jan 2013
    Link to this post
    Recently upgraded a site from 4.3 to 5.2 and now the 401 code in the Global.asax.cs file doesn't run, the other events do. What gives?
  4. Pierre Alain
    Pierre Alain avatar
    38 posts
    Registered:
    10 Jun 2008
    21 Jan 2013 in reply to Ben
    Link to this post
    Here's the reply I got from support:
    Let's start with how authentication works in Sitefinity. There are two possible situations:You have a user, who's logged in, but doesn't have permissions to see a page. In this case an error of 403 Forbidden is raised.An anonymous user is accessing a page, which is visible for authenticated users only. In this case a 401 Unauthorized error message is generated, which is handled by our source code and results in a 302 response.
    The above cases are valid for both Forms and Claims based authentication and their implementation follows the HTTP protocol specification, which can be found here.

    In Siteifnity 5.2 there is an event for unauthorized access on front end page, where you can redirect the response depending on your needs. You can take a look on the attached file for an example how to perform the redirect. I hope you will find it useful although it is not just a configuration, but it is much more flexible.


    Here's the code from the attached Global.asax:

    protected void Application_Start(object sender, EventArgs e)
            {
                Bootstrapper.Initialized += new EventHandler<Telerik.Sitefinity.Data.ExecutedEventArgs>(Bootstrapper_Initialized);
            }
     
            void Bootstrapper_Initialized(object sender, Telerik.Sitefinity.Data.ExecutedEventArgs e)
            {
                EventHub.Subscribe<IUnauthorizedPageAccessEvent>(new Telerik.Sitefinity.Services.Events.SitefinityEventHandler<IUnauthorizedPageAccessEvent>(OnUnauthorizedAccess));
            }
     
            void OnUnauthorizedAccess(IUnauthorizedPageAccessEvent unauthorizedEvent)
            {
                var url = unauthorizedEvent.Page.Url.TrimStart('~');
                if (unauthorizedEvent.Page.Title.Contains("pp"))
                    unauthorizedEvent.HttpContext.Response.Redirect("~/p1");
                else
                    unauthorizedEvent.HttpContext.Response.Redirect("~/");
            }
  5. Ben
    Ben avatar
    44 posts
    Registered:
    27 Sep 2012
    21 Jan 2013 in reply to Pierre Alain
    Link to this post

    Thanks Pierre! Any chance you still have the attached file they referenced and if so can you add it to the post?

    -Ben

  6. Pierre Alain
    Pierre Alain avatar
    38 posts
    Registered:
    10 Jun 2008
    21 Jan 2013 in reply to Ben
    Link to this post
    I edited my reply to include the code.
  7. Ben
    Ben avatar
    44 posts
    Registered:
    27 Sep 2012
    21 Jan 2013 in reply to Pierre Alain
    Link to this post

    Awesome, thanks!

    -Ben

7 posts, 0 answered