How throw custom http status code during Ajax(Post) request

I need to throw HttpException during AjaxRequest in Controller and CustomFilterAttribute

When I throw Exception in Controller with 403 error

[HttpPost]
[CustomAuthorize]
public ActionResult AjaxSelectBinding()
{
     // 403 Error code
     throw new HttpException((int)HttpStatusCode.Forbidden, "Forbidden");
}

In client script I always get the result code - 500

 $.ajax({
            type: 'POST',
            url: '/Groups/AjaxSelectBinding',
            success: function(data) {
            },
            error: function (xhr, ajaxOptions, thrownError) {
                 // HERE I GET ALWAYS 500 ERROR CODE
            }
        });

How can I throw HttpException in my FilterAttribute and get this code in client page. I try do this, but I get 200 status code:

public class CustomAuthorize : AuthorizeAttribute
{
    public override void OnAuthorization(AuthorizationContext filterContext)
    {
        base.OnAuthorization(filterContext);

        SharedControllerBase ctrl = (SharedControllerBase)filterContext.Controller;

        if (!ctrl.User.Identity.IsAuthenticated &&
             filterContext.HttpContext.Request.IsAjaxRequest())
        {
            filterContext.HttpContext.Response.TrySkipIisCustomErrors = true;
            filterContext.HttpContext.Response.StatusCode = (int)HttpStatusCode.Unauthorized;
        }
    }

When I try throw Exception in FilterAttribute I get 500 Status Code again

Answers


First things first HttpStatusCode.Unauthorized = 401, not 403 status code. There is an important distinction between those 2 codes.

When you set the status code to 401 some nasty things happen: you automatically get redirected to the Login page by the ASP.NET Forms authentication module => the login page is served with status code = 200. Phil Haack addressed this issue in the following blog post.

As far as throw new HttpException((int)HttpStatusCode.Forbidden, "Forbidden"); is concerned in your controller action, well, you throw an exception that is of type HttpException and whose StatusCode is set to 401 but other than that there is absolutely nothing that will catch this exception and set the corresponding response status code. So the exception bubbles up and since you don't presumably have a global exception handler it is translated as a 500 error page by the server.

Here's an example of a global exception handler that you might find useful.


Need Your Help

Need some help on Cookie Handling and session in python

python google-app-engine cookies

I want to set some value to cookie when user visits the homepage so that when he hits some url I'll get that value and compare it with what I've stored in db. Now do I have to set the same cookie v...

Porting a Visual C++ project to C#

c# c++ visual-c++ open-source porting

I got my hands on some well documented C++ code that's about 1KLOC. It would take me a significant amount of time to port this line by line and debug the results, so I'm wondering if there are tool...