Redirect user to specific page if unauthorised

Vote:
 

I am building a website and we are using a virtual role to restrict access to certain parts of the site. I have tested this and it works correctly but now I just get a 401 error page when I go to one of the pages and IsInVirtualRole returns false. What I would like to do is redirect the user to a specific login page if they are unauthorised to view a page due to not being in this specific virtual group.

How can I do this?

#221765
Apr 24, 2020 13:47
Vote:
 

Hi Sam

You could try replacing the default implementation of EPiServer.Web.IAccessDeniedHandler with your own implementation.

Be aware that AJAX requests and static file requests will not expect to be redirected on failure. So you might want to keep sending 401 status for those requests.

#221816
Apr 26, 2020 5:38
Vote:
 

The solution posted by @Setfan Holm Olson is the best approach, however i found that this did not work for my website as we are using AD for the admin authentication as outlined in this guide:
https://world.episerver.com/documentation/Items/Developers-Guide/Episerver-CMS/9/Security/integrate-azure-ad-using-openid-connect/
If you are using this approach then you will need to add code to the startup.cs file as the 401s won't reach the AccessDeniedHandler.

#222272
May 01, 2020 17:26
* You are NOT allowed to include any hyperlinks in the post because your account hasn't associated to your company. User profile should be updated.