-
Notifications
You must be signed in to change notification settings - Fork 111
Passing more than Status Code to the Error action #316
Comments
Are you throwing an exception from your authorization check? If so that exception is added to the HttpContext via a Feature: |
@Tratcher that is interesting, however I think the problem is the claim authorization check (which is done internally in MVC somewhere) doesn't throw error. That claim is what was also asked in aspnet/Security#872 for the status code pages. Could there be a workaround to force claim requirement checking done by MVC code to throw an error with claim inside? |
Could we add something to the context? Exceptions are a horrible idea as you've stated. |
Filed aspnet/Security#901 to track figuring out this general issue of how to expose which requirements didn't pass in Security |
Due to aspnet/Security#901 being 2.0.0, moving this as well. |
This issue was moved to dotnet/aspnetcore#2591 |
Currently there is a problem with the way JSON error results are handled e.g.: aspnet/Security#872 and aspnet/Security#699 there is no easy way to pass more than status code to your Error action that shows the error page or JSON result.
Sometimes it would be nice to have a reason in the result e.g. "Insufficient rights, because you are not an employee" or in JSON
{ "error" : "FORBIDDEN", "requires" : ["EmployeeOnly"] }
to show a dialog why you are forbidden to see the page.But since only thing the error handler gets is the status code it can't determine the extra requirement, claim in this case.
Imagine the situation that you have this:
Then this as a Error handler for status code pages:
The text was updated successfully, but these errors were encountered: