Typically when you aren't authorized to access a page, ASP.NET redirects
you to the login page again, which is kind of a weird choice in my opinion.
With gateway authentication enabled, you could get caught in a redirect
loop.  You'd get redirected to the CAS server, it would see that you're
already authenticated, kick you back to the .NET login page.  The .NET
login page would redirect you to the page you aren't authorized to access,
which would restart the loop.

We added an option in the casConfiguration in web.config which I believe is
called notAuthorizedUrl.  If you end up accessing a page that you aren't
authorized to access, you get redirected there.  It's crucial that your
authorization rules don't restrict access to that page.  Other than that,
you can customize that page however you like.

-Scott


On Fri, Feb 21, 2014 at 5:17 AM, davidinho <[email protected]> wrote:

> Hi, I'm using the example for the .NET client (ExampleWebSite).
> For a user who is not authorized I'm getting the following error...
> I wish I could redirect to a specified webpage where a friendly message
> says: "You are not authorized to view this page."
> Can anyone help me?
> David
>
> Invalid user name
> Description: An unhandled exception occurred during the execution of the
> current web request. Please review the stack trace for more information
> about the error and where it originated in the code.
>
> Exception Details: System.Configuration.Provider.ProviderException: Invalid
> user name
>
> Source Error:
>
>
> Line 128:
> Line 129:            // Return role names
> Line 130:            return roles;
> Line 131:        }
> Line 132:
>
> Source File: e:\CAS_Dev\App_Code\ReadOnlyXmlRoleProvider.cs    Line: 130
>
> Stack Trace:
>
>
> [ProviderException: Invalid user name]
>    Example.ReadOnlyXmlRoleProvider.GetRolesForUser(String username) in
> e:\CAS_Dev\App_Code\ReadOnlyXmlRoleProvider.cs:130
>    System.Web.Security.RolePrincipal.IsInRole(String role) +12321845
>
>
> System.Web.Configuration.AuthorizationRule.IsTheUserInAnyRole(StringCollection
> roles, IPrincipal principal) +192
>    System.Web.Configuration.AuthorizationRule.IsUserAllowed(IPrincipal
> user,
> String verb) +233
>
>
> System.Web.Configuration.AuthorizationRuleCollection.IsUserAllowed(IPrincipal
> user, String verb) +241
>    System.Web.Security.UrlAuthorizationModule.OnEnter(Object source,
> EventArgs eventArgs) +12673420
>
>
> System.Web.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
> +80
>    System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean&
> completedSynchronously) +165
>
>
>
>
>
> --
> View this message in context:
> http://jasig.275507.n4.nabble.com/NET-client-example-webpage-tp4662014.html
> Sent from the CAS Developers mailing list archive at Nabble.com.
>
> --
> You are currently subscribed to [email protected] as:
> [email protected]
> To unsubscribe, change settings or access archives, see
> http://www.ja-sig.org/wiki/display/JSG/cas-dev
>
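
Added example, not part of the thread or the CAS client's own sample: a web.config fragment for the setup Scott describes, with the not-authorized page exempted from the authorization rules so a denied user lands there instead of re-entering the login redirect. The element name `casClientConfig`, the example.org URLs, the `Admin` folder, the `Administrators` role and `NotAuthorized.aspx` are assumptions; the configSections registration and the CAS modules are not shown.

```xml
<configuration>
  <!-- Assumed element name (the post calls it "casConfiguration").
       URLs are placeholders for your own CAS server and site. -->
  <casClientConfig
      casServerLoginUrl="https://cas.example.org/cas/login"
      casServerUrlPrefix="https://cas.example.org/cas/"
      serverName="https://app.example.org"
      ticketValidatorName="Cas20"
      gateway="true"
      notAuthorizedUrl="~/NotAuthorized.aspx" />

  <system.web>
    <!-- Site-wide default: anonymous users must authenticate. -->
    <authorization>
      <deny users="?" />
    </authorization>
  </system.web>

  <!-- Hypothetical restricted area: authenticated users without the
       role are denied here and sent to notAuthorizedUrl. -->
  <location path="Admin">
    <system.web>
      <authorization>
        <allow roles="Administrators" />
        <deny users="*" />
      </authorization>
    </system.web>
  </location>

  <!-- The not-authorized page must be reachable by everyone. If a deny
       rule also matched this page, the denied user would be redirected
       away from it again and the loop described above would return. -->
  <location path="NotAuthorized.aspx">
    <system.web>
      <authorization>
        <allow users="*" />
      </authorization>
    </system.web>
  </location>
</configuration>
```

Keep the not-authorized page free of role checks in its own code as well, since it is served to users whose role lookup has just failed.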
