我正在尝试设置自定义错误页面,到目前为止,我有一个404 Not Found错误页面,该页面可以正常工作,但是我正在尝试为401 Unauthorized设置自定义错误页面,因此举一个例子:如果您尝试要输入需要某种管理员登录名的URL,它应显示401 Unauthorized错误。不管出现什么错误,尽管它会显示401未经授权的错误,但它会将我重定向到404 Not Found。
到目前为止,我一直在使用ActionFilterAttribute&IAuthorizationFilter,它显示默认的浏览器错误,但我希望它显示我的自定义错误页面(.cshtml)
public class UserAuthenticationFilter : ActionFilterAttribute, IAuthorizationFilter
{
public void OnAuthorization(AuthorizationContext filterContext)
{
// Check session is empty then set as result is HttpUnauthorizedResult
if (string.IsNullOrEmpty(Convert.ToString(filterContext.HttpContext.Session["UserId"])))
{
filterContext.Result = new HttpUnauthorizedResult();
}
}
public void OnAuthenticationChallenge(AuthenticationChallengeContext filterContext)
{
if (filterContext.Result == null || filterContext.Result is HttpUnauthorizedResult)
{
filterContext.Result = new ViewResult
{
ViewName = "~/Error/NonSecure"
};
}
}
}
错误控制器
[HandleError]
public class ErrorController : Controller
{
public ActionResult Error()
{
return View();
}
public ActionResult NotFound()
{
return View();
}
public ActionResult NonSecure()
{
return View();
}
}
用户控制器。除非您被授权为用户,否则所有UserAuthenticationFilter标记都是不可访问的页面。
public class UserController : Controller
{
[UserAuthenticationFilter]
[HttpGet]
public ActionResult Management()
{
using (CarsDBEntities db = new CarsDBEntities())
{
return View(db.Users.ToList());
}
}
[UserAuthenticationFilter]
public ActionResult Register()
{
return View();
}
[UserAuthenticationFilter]
[HttpPost]
public ActionResult Register(User user)
{
if (ModelState.IsValid)
{
using (CarsDBEntities db = new CarsDBEntities())
{
db.Users.Add(user);
db.SaveChanges();
}
ModelState.Clear();
ViewBag.Message = user.FirstName + " " + user.LastName + " successfully registered.";
}
return View();
}
public ActionResult Login()
{
return View();
}
[HttpPost]
public ActionResult Login(User user)
{
using (CarsDBEntities db = new CarsDBEntities())
{
var usr = db.Users.FirstOrDefault(u => u.Email == user.Email && u.Password == user.Password);
if (usr != null)
{
FormsAuthentication.SetAuthCookie(usr.Email, false);
Session["UserId"] = usr.UserId.ToString();
Session["Email"] = usr.Email.ToString();
Session["FirstName"] = usr.FirstName.ToString();
Session["LastName"] = usr.LastName.ToString();
return RedirectToAction("LoggedIn");
}
else
{
ModelState.AddModelError("", "Email or Password is incorrect!");
}
return View();
}
}
[UserAuthenticationFilter]
public ActionResult LoggedIn()
{
if (Session["UserId"] != null)
{
return RedirectToAction("Management");
}
else
{
return RedirectToAction("Login");
}
}
[ValidateAntiForgeryToken]
[Authorize]
[HttpPost]
public ActionResult Logout()
{
FormsAuthentication.SignOut();
Session.Abandon();
return RedirectToAction("Login", "User");
}
}
NonSecure.cshtml
@model System.Web.Mvc.HandleErrorInfo
@{
ViewBag.Title = "NonSecure";
}
<div style="background-color: #A52A2A; color: White; height: 10px;">
</div>
<div style="background-color: #F5F5DC; color: red; height: 170px;">
<div style=" padding:20px;">
<h4>
Sorry, the page you are looking for is authorized. You need to login!
</h4>
<h6>@Html.ActionLink("Go Back To Home Page", "Login", "User")</h6>
<br />
<br />
</div>
</div>
<div style="background-color: #A52A2A; color: White; height: 20px;">
</div>
Web.config
<system.web>
<customErrors mode="On" redirectMode="ResponseRedirect">
<error statusCode="403" redirect="~/Error/NonSecure"/>
<error statusCode="404" redirect="~/Error/NotFound"/>
</customErrors>
<authentication mode="Forms">
<forms timeout="2800"></forms>
</authentication>
<compilation debug="true" targetFramework="4.6.1" />
<httpRuntime targetFramework="4.6.1" />
<globalization uiCulture="en-US" />
</system.web>