Custom error page when using Owin

Asked 16/4, 2015 at 10:31 Answered 31/1, 2017 at 12:18

c#authentication asp.net-web-api owin custom-error-pages

I'm using Owin to host WebAPI Controllers. I have Owin middleware which performs authentication and sets the following if authentication fails:

context.Response.StatusCode = (int) HttpStatusCode.Unauthorized;

When this happens I want to display a HTML page with some instructions to the user. (Like, "You need to log on.")

At the moment I'm just redirecting the user to a accessdenied.html-page, but I would prefer if the access denied was shown directly without the user being redirected (I don't want the Location field in the web browser to change).

I assume I could just generate the HTML on the fly and adding it to the response, for example by reading the HTML content from a resource.

My question is: Is it possible to do display a custom access-denied error page automatically using configuration? In "traditioinal" ASP.NET, it was possible to set up customErrors in web.config, but this does not appear to work with Owin selfhost:

<customErrors>
  <error statusCode="401" redirect="~/accessdenied.html"/>
</customErrors>

Waldenburg answered 16/4, 2015 at 10:31 Comment(0)

In a previous project of mine I had to use an Owin middleware like this:

       app.Use((owinContext, next) =>
        {          
            return next().ContinueWith(x =>
            {
                if (owinContext.Response.StatusCode == 500 /*or 401 , etc*/)
                {                        
                    //owinContext.Response.Redirect(VirtualPathUtility.ToAbsolute("~/Home/Error"));
                    //this should work for self-host as well
                    owinContext.Response.Redirect(owinContext.Request.Uri.AbsoluteUri.Replace(request.Uri.PathAndQuery, request.PathBase + "/Home/Error"));
                }
            });                
        });

you have to register the middleware before all the others.

In this case I'm redirecting the user to an Error view, but as general practice I would say it's better to have an HTML static page.

Actually I think there's an extension request for handling global exceptions. Have a look at this link...

Salvage answered 24/4, 2015 at 16:6 Comment(4)

This won't work for self-hosts, because VirtualPathUtility is a part of System.Web and requires IIS to work properly. – Impulsion 10/6, 2015 at 15:15

You should use this instead: request.Uri.AbsoluteUri.Replace(request.Uri.PathAndQuery, request.PathBase + "/Home/Error") – Salvage 25/6, 2015 at 16:16

If you do Response.Redirect, it will change HTTP status code to 302. – Aisha 12/8, 2016 at 10:37

owin context gives you an option to redirect. – Bassarisk 31/1, 2017 at 12:19

I came across the same issue. I tried setting StatusCode and then doing Redirect to 401 page. But Redirect changes StatusCode to 302.

I came up with solution of reading 401.html writing it to Response. It worked for me.

context.Response.StatusCode = 401;
var path = HttpContext.Current.Server.MapPath("/401.html");
var html = System.IO.File.ReadAllText(path, Encoding.UTF8);
context.Response.Write(html);

Aisha answered 12/8, 2016 at 10:41 Comment(1)

owin context gives you an option to redirect. – Bassarisk 31/1, 2017 at 12:19

-1

owin provides you an option to redirect to your error page

context.Response.Redirect(errUrl); //context is the owinContext

You don't need to have any special RedirectResult or RedirectToAction Method.

Bassarisk answered 31/1, 2017 at 12:18 Comment(1)

The problem with this is that you only get the 404 error code once you have invoked the 'next' middleware. which sends an error to the user – Mealworm 8/9, 2017 at 17:27

Recommended topics

Hot tags