CustomError IIS6 and JQuery Ajax exception handling

Question

I have an issue where there are two levels of exception handling happening.

I make an ajax request using jQuery, and from the server I throw back custom error exceptions; which is basically a statuscode 500 error.

This is picked up dynamically on my login page that I'm creating for things like, "user does not exist" or "password does not match". The user is not redirected to a new page, the status is simply updated as a status update. This currently works.

However, if the user successfully logs in, they get redirected to a page. This new page looks at whether or not a user has assigned roles to view a page or not. Since customerrors from the web.config was turned off, users would be taken to a yellow page of death; signifying that a user doesn't not have permissions or access is denied.

The logical way to handle this is by redirecting a page for 403 errors and configuring that in web.config:

<customErrors mode="RemoteOnly">    
    <error statusCode="403"   redirect="~/accessdenied.aspx"/>
</customErrors>

Now this works if users don't have sufficient roles, but by going back to the original thing with jQuery handling 500 error requests, I get empty messages and throws a javascript error that it doesn't know how to parse the error response.

Here's a similar question asked on stackoverflow, but it never helped:

jQuery ajax in ASP.NET with customErrors mode="On"

The difference between my question and that question is that the login handles the 403 and 500 errors. By my login handles 500 errors, and is taken to a new page that handles 403 errors. Adding changes to the web.config changes the entire site in error handling.

So to summarize.. with customerrors mode = off, jQuery exception works, but custom 403 redirects don't. With customerrors mode = on. jQuery exceptions don't work, but 403 redirect does.

Is there any ways to fix this that anyone can come up with? One way I thought was for the login to handle 403 as well, and hope that roles matched from login will match roles in the incoming page. But I'm iffy on that because the login system resides on a different system than the page its redirecting to.

Answer 1

Well, I opted to get rid of the customerror, and just throw a custom 403 exception from the server, which javascript will intercept. Then I redirect to an accessdenied page.

So this is my c# code

if (!allowedRoles)
{
     Logout();
     throw new HttpException(403, "User does not have permissions to view this page");
}

Then in my jquery:

function onLoginError(error, textStatus) {
    var jsonErrorData = JSON.parse(error.responseText).Message;
    $('#status').text(jsonErrorData );
}

and my web.config

<customErrors mode="Off"></customErrors>