This project is read-only.

Preventing redirect to Access Denied page on 401

Topics: Writing modules
May 5, 2012 at 11:14 PM

Is there a way to return a HttpUnauthorizedResult from an action (or otherwise setting the response status code to 401) and not redirecting to the default Access Denied page?

I see it's wired into the Web.config...

Thanks in advance!

May 10, 2012 at 11:02 PM

Nobody has a hint?

May 10, 2012 at 11:09 PM

I think it's wired in the FormsAuthentication module because I had to fix it in Web API.


May 11, 2012 at 11:32 AM

Thanks a lot! That really cleared things up, I see that no matter what, FormsAuthentication will do a redirect to something, even if there is no url set in the Web.config. I see there is a standard property for removing this behaviour in .NET 4.5. In the meantime I think I'll just use a similar workaround (btw this small project contains a very simple http module implementation to switch redirecting on or off, base on the http context); this is antipathetic hacking but there really is no other solution.

May 11, 2012 at 2:28 PM

Looks like registering http modules alone from an Orchard module is not possible, so I'll just wait for the update.