Securing custom application pages in _layouts directory

I had a need to be able to only allow site collection admins to see some custom pages I had deployed into the _layouts directory.
Create a custom code behind class for your aspx that inherits from LayoutsPageBase.
Next, override the OnLoad method in your code behind and add the following code

if (!SPContext.Current.Web.UserIsSiteAdmin)
              SPUtility.HandleAccessDenied(new Exception("You need to be a site administrator to access this page."));

This will redirect the user to the built in SharePoint Access denied page, for consistency.

About these ads
Posted in Uncategorized

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Follow

Get every new post delivered to your Inbox.

%d bloggers like this: