Using forms auth, can I return a 404 from an inaccessible page, rather than redirecting to the login page?

Using forms authentication, is it possible to return a 404 if a user doesn't have access to content, rather than redirecting them somewhere?

I realize I could send them to a 404-ish page, or redirect to a login page that doesn't开发者_开发知识库 exist, but I really want to return a 404 from the page they were attempting to access.

Possible?

---

Better would be to send them to a 403 (Forbidden) page, but still have it look like a normal page from your site.

---

You should think of customized 404 pages with recommended navigational options when website visitors request pages that return a 404 response code. So I am in support of sending users to a 404-ish page with search options, other navigational links along with a notification that the user has reached a page that does not exist

---

You are going to have a hard time catching a 403 much less redirect it.

There is a long standing 'bug' in the forms authentication module that simply dumps 'under-authorized' to the registered login page with a 200 OK.

So, not only can you not easily catch a 403 - from my experience 403 has never been a viable candidate for a custom error page. I am not sure why MS has left it in the default web.config for 10 years.

In any case, I have developed a module that will fix this behavior, the code and details can be found here: http://www.codeproject.com/Articles/39062/Salient-Web-Security-AccessControlModule.aspx

The language of the article is tilted towards ajax type requests, but the module is designed with webform based forms authentication in mind as well.

The default configuration will give you the ability to process 403 with a custom error page which can be a simple handler that generates a 404, which will in turn be processed by any custom 404 page you have defined, if any.