We had something similar up in this forum post. You could try to solve it by intercepting the default handler.
In your case you could check whether the user is authenticated and has no roles. If that is true, then the user must have come here because of missing rights, not missing authentication. So you can redirect or rewrite to a different page and skip the default handling (which triggers OWIN to attempt authentication).
Any direction on how to implement our own EPiServer.Web.IAccessDeniedHandler? Inheriting it doesn't seem to pick it up.
You would need to intercept the implementation, like documented here.
Basically you create your own additional logic and return from the method if you handle it. If your method does not handle the scenario, then you call the default implementation and let it do its job (as a fallback).
So I implemented it as so:
public void ConfigureContainer(ServiceConfigurationContext context)
{
    var container = context.StructureMap();
    var services = context.Services;
    services.Intercept<IAccessDeniedHandler>((locator, defaultCache) => new RoutingExtension(defaultCache));
    //
    //
    //
}
Set up my own:
[ServiceConfiguration(ServiceType = typeof(IAccessDeniedHandler))]
public class RoutingExtension : IAccessDeniedHandler
{
    private IAccessDeniedHandler _defaultCache;

    public RoutingExtension(IAccessDeniedHandler defaultCache)
    {
        this._defaultCache = defaultCache;
    }

    public void AccessDenied(HttpContextBase context)
    {
        var a = context.User;
    }
}
But the AccessDenied method is never hit?
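The handle-or-fall-back logic described in the replies above, as an added example that is not code from any poster in this thread or from Episerver. The class name `MemberAccessDeniedHandler` and the `/no-access` path are assumptions, and the check is simplified to "already authenticated" rather than inspecting roles.

```csharp
using System;
using System.Web;
using EPiServer.Web;

// Added example (hypothetical class name): decorates the default handler.
// Wired up with the Intercept call already shown in this thread:
//   services.Intercept<IAccessDeniedHandler>(
//       (locator, inner) => new MemberAccessDeniedHandler(inner));
public class MemberAccessDeniedHandler : IAccessDeniedHandler
{
    // Assumed local page for signed-in users without rights. A fixed,
    // site-relative path keeps request data out of the redirect target.
    private const string ForbiddenPath = "/no-access";

    private readonly IAccessDeniedHandler _defaultHandler;

    public MemberAccessDeniedHandler(IAccessDeniedHandler defaultHandler)
    {
        _defaultHandler = defaultHandler;
    }

    public void AccessDenied(HttpContextBase context)
    {
        var user = context.User;
        bool signedIn = user != null
            && user.Identity != null
            && user.Identity.IsAuthenticated;

        if (!signedIn)
        {
            // Anonymous visitor: missing authentication, so let the default
            // implementation start the normal login flow (the fallback).
            _defaultHandler.AccessDenied(context);
            return;
        }

        // Signed in but denied: this is missing rights, not missing login.
        if (string.Equals(context.Request.Path, ForbiddenPath,
                StringComparison.OrdinalIgnoreCase))
        {
            // The no-access page itself was denied: answer 403, do not loop.
            context.Response.StatusCode = 403;
            return;
        }
        context.Response.Redirect(ForbiddenPath);
    }
}
```

With this split, a signed-in customer who opens a CMS URL such as /episerver also lands on the no-access page rather than the CMS login, so that page should tell editors where to sign in.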
Upgraded Epi to use Identity/OWIN and it's been pretty smooth sailing.
One issue we've come across is if we manage page visibility and set specific groups to view once a user has registered and logged in (not CMS), if you have the page link but aren't part of that group you get redirected to the CMS login page.
From this post:
https://world.episerver.com/forum/developer-forum/-Episerver-75-CMS/Thread-Container/2014/3/Members-area-restrict-pages/
It suggests changing the forms URL to the members page, but the knock-on effect would be that admin/CMS users who try to go to /episerver (or whatever is configured) would be redirected to our customer login and would instead have to go directly to /util/login.aspx.
Is there a best of both worlds here where we can keep the CMS users going to /episerver (or whatever is configured) but also make sure customers are redirected correctly?
I was thinking that maybe some type of OWIN configuration could handle it and the routing, but I haven't come across anything like that.