Best Way to handle Errors

Inside my web.config i have thise configuration, but will them redirect to specifiy statusCode rather than doing in code behind. Let's said the user is not allowed to go into the Manager side, will this automatically redirect the user to 401.aspx?

@gahhon

I don't quite understand your question? What do you want to do or what issue are you having?

Is not a issue, just trying to re-call back my memory or this customErrors configuration.
A statusCode="404" a successful to occur, but will the 401 error code execute as well? If i using own design & database to design the Login.

There are some errors that are generated prior to the asp.net engine getting involved in the process so you wont be able to handle them all using the web.config custom errors section. You can handle those types of errors by customizing the error pages that IIS manages.

Are you trying to handle a 401 and unable to in asp.net? Take a look at this discussion on the forums asp.net site: http://forums.asp.net/t/1822367.aspx

Yeah, i remember that configuration

<authorization>
         <deny users="?" />
         <allow users="*" />
 </authorization>

But how can i define the users or roles? if using self database system?

how can i define the users or roles? if using self database system?

Personally, If I done a project that included forms based authentication that required roles, I've stuck with asp.net's membership providers, mainly SQL.

I have not tinkered with custom membership providers. Here is a link on Microsoft's site on how to implement a custom provider.

Implementing a Membership Provider.

You would go with a custom provider in a situation where you need to manage membership information using a database schema that is different from the database schema used by the providers that ship with the .NET Framework.

If like that, would you advise me to go something like previous that i posted about the cookies?

if (CookiesWrapper.Username != null && CookiesWrapper.Role == "Manager")
    //Contents
else
    Response.Redirect("~/401.aspx");

Sure, you can handle it that way. If your web site is set to anonymous authentication in IIS and you are handling authentication and authorization on your own, you will defintely need to check for their "role" on each of your secured pages, and simply redirect the user if they are not allowed.

I've used this approach many times as well. I dont think there is anything wrong with that.

Keep in mind that asp.net is really just about providing a framework for rapid deployment. Leverage those components that make sense for your particular project.

How about i want to redirect the user to Custom Error Page .aspx with passing the error messages of they are facing?

Store in a session variable, retreive on target page.

Otherwise, you can log the error in a DB table and just pass the ID or the error you just logged via a querystring, then on the target page, perform a lookup of the ID and retreive what you logged. This allows you to keep a long term record of errors.

So do i need to do the setting on web.config as my default error page?

defaultRedirect="/ErrorPages/DefaultError.aspx"

The default redirect will catch those errors that are not specified by you in the web.config. You can keep it if you want to redirect to the same page for errors other than the one's you specify. Specifying error codes allow you to redirect to specfic pages so you can provide specific error content back to the user. Keep in mind some errors will occur outside of asp.net's reach.