The access denied page is not being redirected

Question

I am using a custom role provider in my asp.net mvc-4 web application.

In my 'CustomRoleProvider' class I extended 'RoleProvider' interface and I overrode the 'IsUserInRole', 'GetRolesForUser' and 'GetAllRoles' functions in the class. That works fine.

Now I'm trying to redirect a custom page(like: "~/Security/AccessDenied/Index") if an user try to access an action in which the user has no access. If a user try to do that by default it is redirecting to home page. To redirect my custom page I extended the 'AuthorizeAttribute' interface and I overrode 'OnAuthorization' function. But looks like the 'OnAuthorization' function never being called.

Here is my the code to extend the 'AuthorizeAttribute' interface:

public class AccessDeniedAuthorizeAttribute : AuthorizeAttribute
{
    public override void OnAuthorization(AuthorizationContext filterContext)
    {
        base.OnAuthorization(filterContext);

        if (filterContext.Result is HttpUnauthorizedResult)
        {
            filterContext.Result = new RedirectResult("~/Security/AccessDenied/Index");
        }
    }
}

Why the 'OnAuthorization' function is not being called? Need help...

Answer 1

You need to apply the custom attribute to actions or controllers (or add it as a general filter for all requests). Use your custom attribute instead of the Authorize attribute.

[AccessDeniedAuthorize(Roles="Admin")] 

should work.