UnauthorizedAccessException() class error_问答_开发者

UnauthorizedAccessException() class error

开发者 https://www.devze.com 2023-02-16 19:38 出处：网络

I have an application that uses its own authorization to determine if a user has access to pages.I want to display a more friendly \"access denied\" page in the event that access denied.In the MasterP

相关专题：asp.net

I have an application that uses its own authorization to determine if a user has access to pages. I want to display a more friendly "access denied" page in the event that access denied. In the MasterPage...

        if (!authorize) 
        { 
            throw new UnauthorizedAccessException(); //error occurs here, looks like I'm not allowed to use this class
        }

In the web.config

<customErrors mode="Off" defaultRedirect="~/ErrorPages/ErrorPage.asp开发者_C百科x"> 
  <error statusCode="403" redirect="AccessDeniedPage.aspx" /> 
</customErrors>I get the error below.

It appears that I get the error just as a result of just trying to instantiate/use the UnauthorizedAccessException() class. I'd like to do it this way, is there a way to use this?

 /**************************************************************************************************************************
Attempted to perform an unauthorized operation. 

Exception Details: System.UnauthorizedAccessException: Attempted to perform an unauthorized operation. 

ASP.NET is not authorized to access the requested resource. Consider granting access  rights to the resource to the ASP.NET request identity. ASP.NET has a base process  identity (typically {MACHINE}\ASPNET on IIS 5 or Network Service on IIS 6 and IIS 7, and  the configured application pool identity on IIS 7.5) that is used if the application is  not impersonating. If the application is impersonating via <identity impersonate="true"/>, the identity will be the anonymous user (typically IUSR_MACHINENAME) or the authenticated  request user. 
*************************************************************************************************************************/

As Fredrik says, you are throwing an error, so you get an error. If you want to just instantiate the exception don't use throw.

UnauthorizedAccessException uae = new UnauthorizedAccessException("some message");

But again, this just creates an exception; soon as you throw it, you will get the message you are already getting.

Why not just redirect? Response.Redirect("~/AccessDeniedPage.aspx", False);

If you really wanted to use the exception, you could continue to throw the exception as you are but also handle the exception in the Application_Error event of the Global.asax file. In the Application_Error event, test if the exception is an UnauthorizedAccessException, and if so, redirect the user to AccessDeniedPage.aspx. Basic use of Application_Error: MSDN

Well, you are throwing an UnauthorizedAccessException. If there is no try-catch that catches it, the code will crash there. I think that the exception that you see, is your exception.