Can you grant access to controllers/views for non-authenticated users

Question

I have an MVC 3 application which uses asp.net authentication. I have just created a custom errors controller and a couple of views for unknown errors and 404’s. This works fine when I am logged into the application but if an internal server error happens during logon I would like to display the error/unknown view. However I just keep getting redirected back to the login as I am not authenticated.

I have added a location path for ‘Views/Error’ to my Web.config to allow access to all users but I am guessing it’s the controller access that is causing the redirection.

Is there any way you can allow this in MVC or do I need to think of another solution? Just did not want to add a generic message to the login page as that’s what my unknown error view is for.

Answer 1

Have you tried adding a location section to your web.config file?

the url should be the url of your error pages. Within the location element specify authorization as allow users="*"

or, add the authorise attribute to your error controller or actions with users set to "*".

You are sort of correct though. You need to change who is authorised to access your error controller. the authorise attribute and the location element both allow you to do this.

Simon

Answer 2

I find it better to use the [Authorize] attribute on your controllers. You can use that on your controllers or views that require authorized user. This way everyone will have access to your Error controller.