Bypass Forms Authentication auto redirect to login, How to?

Question

I\'m writing an app using asp.net-mvc deploying to iis6. I\'m using forms authentication. Usually when a user tries to access a resource without proper authorization I want them

Answer 1

Ok, I worked around this. I made a custom ActionResult (HttpForbiddenResult) and custom ActionFilter (NoFallBackAuthorize).

To avoid redirection, HttpForbiddenResult marks responses with status code 403. FormsAuthentication doesn't catch responses with this code so the login redirection is effectively skipped. The NoFallBackAuthorize filter checks to see if the user is authorized much like the, included, Authorize filter. It differs in that it returns HttpForbiddenResult when access is denied.

The HttpForbiddenResult is pretty trivial:

public class HttpForbiddenResult : ActionResult
{
    public override void ExecuteResult(ControllerContext context)
    {
        if (context == null)
        {
            throw new ArgumentNullException("context");
        }
        context.HttpContext.Response.StatusCode = 0x193; // 403
    }
}

It doesn't appear to be possible to skip the login page redirection in the FormsAuthenticationModule.