Hi,
I have added, AbpAuthorize attribute as follows on my ProductGroup Controller class. [AbpAuthorize(AppPermissions.Pages_Products_ProductGroup)]
Now when a user who do not have permission on ProductGroup, type in the URL of <a class="postlink" href="http://localhost:62114/Mpa/ProductGroup">http://localhost:62114/Mpa/ProductGroup</a>, then instead of throwing the error page of UnAuthorized Access (i.e. Error403.cshtml), it throws him to the login page.
Could you please advise what am I doing wrong. I want the user to show the Unauthorized Page (i.e. Error403.cshtml). How can I achieve this?
Regards, Mahendra
3 Answer(s)
-
0
hi,
if the user has not permission then you shouldn't show the link to the user and hide the link. only show the links that user has granted permission.
-
0
That, I am already doing. Question is if user manually type in the URL in which he does not have the permission, then instead of sending the user to the login page I want to show him the page with the message "You don't have permission'. How can I achieve this?
Regards, Mahendra
-
0
@pankajmathur are you using ASP.NET Core or MVC 5.x ?
If you are using ASP.NET Core, then this should be automatically if you are not in development mode. See <a class="postlink" href="https://github.com/aspnetzero/aspnet-zero-core/blob/master/aspnet-core/src/MyCompanyName.AbpZeroTemplate.Web.Mvc/Startup/Startup.cs#L123">https://github.com/aspnetzero/aspnet-ze ... up.cs#L123</a>
