Search This Blog

Monday, May 9, 2011

Handling Access Denied / Authorization Failures

Many a times we are into a situation that we have to handle Authorization Failures. Let’s see how we can handle it by using SPUtility.

·         SPUtility has a method that handles “Access Denied” exceptions and redirects the user to the “Access Denied” page. This method takes Exception object as a parameter. If any kind of Security Exception occured than this methos will handle it as shown below:
        try {
                 //Code
             }
             catch (SecurityException secExptn)
             {
                 SPUtility.HandleAccessDenied(secExptn);
             }

·         SPUtility.Redirect Method can also be used if you want to redirect the user to Sharepoint AccessDenied Page. We can use this method as shown below:

SPUtility.Redirect(SPUtility.AccessDeniedPage,SPRedirectFlags.RelativeToLayoutsPage,httpContext);

·         SPUtility.EnsureSiteAdminAccess(objSPWeb);

This method can be used to determine whether the current user is a site administrator of the specified web or not. If the current user is not the administrator than it will prompt for the administrator credentials and if the user fails to supply the administrator’s credentials than it will open the error page. It will take SPWeb onject as a parameter.

·         SPUtility.SendAccessDeniedHeader(SecExp);

This method is used to send an HTTP 401 (Access Denied) header to the user.
This method will prompt for the new credentials to the user. If the user fails to supply the correct credentials than this methods takes the user to “Access Denied” page.

No comments:

Post a Comment