The method that is invoked when the current users access rights are not suffcient for the operation that he tries to perform.

Namespace:  EPiServer
Assembly:  EPiServer (in EPiServer.dll) Version: 6.0.530.0


public virtual void AccessDenied()


This method will perform different functions depending on the authentication method in use. If forms authentication is used, then it will redirect the user to the login page as defined in web.config. If windows authentication is used, an Access Denied header (http status 401) will be sent to the client.


The following code example demonstrates the usage of AccessDenied to deny access to a user that is not logged on. The example is taken from the Web user control LoginStatus.ascx, which is delivered with EPiServer. It must be understood that the click event for ASP.NET Server control Login has been linked to the function Login_Click, so that when the user clicks the Login button, this function is executed. Note that the call to AccessDenied does not necessarily mean that the user is denied access - it can also be used to present the user with a login dialog. This happens in Web user control QuickBar.ascx.
public abstract class LoginStatus : UserControlBase 
    protected System.Web.UI.WebControls.LinkButton Login;

    protected void Login_Click( object sender, System.EventArgs e ) 
        System.Security.Principal.IPrincipal user = Context.User;
        if ( ( user != null ) && user.Identity.IsAuthenticated ) 

See Also