SecurityException

MVC Custom errors, HTTP status codes and SecurityException

We use Windows Identity Foundation in my current project. WIF introduced the Claim based authorization in .NET 4.5 which is a welcomed addition since we were forced to use outdated tools like EnterpriseLibraries Rule authorization to achieve something similar before it.

Whenever a claim is not met WIF will throw a System.Security.SecurityException exception which will not play nicely with MVC Custom errors because it will render a status 500 instead of the correct status 403. This is not very user friendly since the user will think something is wrong instead of understanding that he or she needs to order additional privileges to access said part of the system.

The solution is really simple and I did not find it when googling, thus this blog post 😀 (more…)

Advertisements