Custom Access Denied page - "website declined to show this webpage"

Question

Hello,

I'm trying to build a custom access denied page.
I created a new SharePoint project in VS2010 for this.
With a Site scoped feature I deploy the custom page to my SharePoint environment.

When I navigate directly to my custom page under /_layouts/ it works fine, no errors or anything.

When I log in as a limited user and I try to open a site where this user doesn't have access, I'm getting a standard (IIS I think?) page telling me "The website declined to show this webpage". Further info it gives me is "This error (HTTP 403 Forbidden) means that Internet Explorer was able to connect to the website, but it does not have permission to view the webpage. "

Why doesn't SharePoint use my custom access denied page?

Also, if I retract my solution in Visual Studio (and double checked in Central Admin), suddenly SharePoint is not able to find the ootb AccessDenied.aspx page.
Then I get a "The resource cannot be found" error for the accessdenied.aspx page. I tried to do an iisreset, even rebooted the entire webserver, but no success...

So now what? I'm left without a working access denied page :(

Answer 1

When deploying this solution simply deploying to the layouts folder is not enough to switch the access denied behavior to direct to your page.  Did you overwrite the out of the box access denied page?  I would recommend deploying your page to /layouts/MySolution/CustomAccessDenied.aspx and then adding redirect code to the out of the box page to direct to your page.  Also note that a change like this could always be overwritten by a patch or service pack install.

Now since you are getting that error can you pull a default accessdenied.aspx from a different SharePoint install?  If not PM me and I will send you one.

  

---

Determination conquers all things.

Answer 2

If you get stuck, you can try the approach described on this page: http://www.ngpixel.com/2010/12/23/sharepoint-2010-custom-error-pages/

---

Kind Regards Bjoern
Blog

Answer 3

jjr2527,

I did use a custom sharepoint solution, which deploys my custom page to /_layouts/mycustomapplicationpages/accessdenied.aspx.
So I didn't overwrite the out of the box one, for the very same reasons as you describe (might be overwritten again on the next update + it's not a supported scenario). That's also why it doesn't make any sense to me that I seem to have lost the ootb AccessDenied.aspx page when I retract my custom solution. If I check on the server, I still have the AccessDenied.aspx under the TEMPLATES/LAYOUTS folder (datestamp = 26/03/2010 21:25)

In my feature receiver code I used the following to set my custom page:

const string customAccessDeniedPage = "/_layouts/MyCustomApplicationPages/AccessDenied.aspx";
        public override void FeatureActivated(SPFeatureReceiverProperties properties)
        {
            SPSite site = properties.Feature.Parent as SPSite;
            SPSecurity.RunWithElevatedPrivileges(delegate()
            {
                using (SPSite _site = new SPSite(site.ID, SPUserToken.SystemAccount))
                {
                    SPWebApplication webApp = _site.WebApplication;
                    if (null != webApp)
                    {
                        if (!webApp.UpdateMappedPage(SPWebApplication.SPCustomPage.AccessDenied, customAccessDeniedPage))
                        {
                            throw new ApplicationException("Cannot create the new access denied page mapping.");
                        }
                        webApp.Update(true);
                    }
                }
            });
        }
        public override void FeatureDeactivating(SPFeatureReceiverProperties properties)
        {
            SPSite site = properties.Feature.Parent as SPSite;
            SPSecurity.RunWithElevatedPrivileges(delegate()
            {
                using (SPSite _site = new SPSite(site.ID, SPUserToken.SystemAccount))
                {
                    SPWebApplication webApp = _site.WebApplication;
                    if (null != webApp)
                    {
                        if (!webApp.UpdateMappedPage(SPWebApplication.SPCustomPage.AccessDenied, customAccessDeniedPage))
                        {
                            throw new ApplicationException("Cannot reset the default access denied page mapping.");
                        }
                        webApp.Update(true);
                    }
                }
            });
        } 

Answer 4

Bjoern,

That approach uses the IIS mappings. SharePoint allows to do this inside SharePoint, so I prefer to use that approach.
It also allows me to work inside the SharePoint context to display additional information, which is what I want to do.

Answer 5

OK solved it!

Two errors in fact in my scenario:

1/ Regarding the default AccessDenied.aspx that was missing after retracting the custom solution:
If you check my FeatureDeactivated code, you'll see that I was not resetting the page. I'm doing the same as in FeatureActivated, setting the page to customAccessDeniedPage instead of null. So when retracting, the page was set to a non existing page, hence the "resource not found" error.

2/ Regarding the "Website declined to show this webpage" on the custom access denied page:
You get this when you try to access resources that require permissions. Eg if you refer to a css file where the current user doesn't have access to.
In my case I was using SPContext.Current.Web.Title, which obviously doesn't work if you don't have permissions on the website.
After moving all sensitive code in a RunWithElevatedPrivileges block, everything is working fine.

So two things to look after:
- Make sure that the FeatureActivated and FeatureDeactivated code is correct.
- Make sure you don't use permission sensitive properties/resource, or put them in a RunWithElevatedPriveleges block.

Custom page is working great now :)

Answer 6

i did the exact same thing and my sloution wont deploy. I'm getting "Error occurredin step 'Activate Features': object reference not set to an instance of an object."

<code>

[

Guid("b7699db0-5f2a-474d-ad6c-ad4e30b59596")]

public class Feature1EventReceiver : SPFeatureReceiver

const string customAccessDeniedPage = "/_layouts/ClinicalPathways/CustomAccessDenied.aspx";

public override void FeatureActivated(SPFeatureReceiverProperties properties)

{

SPSite site = properties.Feature.Parent as SPSite;

SPSecurity.RunWithElevatedPrivileges(delegate()

{

using (SPSite _site = new SPSite(site.ID, SPUserToken.SystemAccount))

{

SPWebApplication webApp = _site.WebApplication;

if (null != webApp)

{

if (!webApp.UpdateMappedPage(SPWebApplication.SPCustomPage.AccessDenied, customAccessDeniedPage))

{

throw new ApplicationException("Cannot create the new access denied page mapping.");

}

webApp.Update(

true);

}

}

});

}

public override void FeatureDeactivating(SPFeatureReceiverProperties properties)

{

SPSite site = properties.Feature.Parent as SPSite;

SPSecurity.RunWithElevatedPrivileges(delegate()

{

using (SPSite _site = new SPSite(site.ID, SPUserToken.SystemAccount))

{

SPWebApplication webApp = _site.WebApplication;

if (null != webApp)

{

if (!webApp.UpdateMappedPage(SPWebApplication.SPCustomPage.AccessDenied, customAccessDeniedPage))

{

throw new ApplicationException("Cannot reset the default access denied page mapping.");

}

webApp.Update(

true);

</code>What am I doing wrong?Please post the correct code.

}

}

});

}

{

Answer 7

Ninel,

The only reason I can think of for that error is that the scope of your feature is not set to "site".
In that case, properties.Feature.Parent will not return an SPSite object, but something else (SPWeb or SPWebApplication etc).