Sometimes you get a requirement to customize the default ‘Access denied page’ in MOSS 2007. For beginners, don’t confuse this page with IIS 401 ‘Access denied’ page. They are completely different. Request for customizing access denied page generally means, having the same look and feel of the rest of the site. In my experience this is easier said then done.
After researching I found the following options available on the net
1. If you want to just change the content of the access denied page then modify the resources text in resources pages (http://blogs.msdn.com/sridhara/archive/2007/04/14/customizing-placeholder-values-in-moss-2007.aspx) . This won’t help our scenario. We want to customize the entire page and it should have same look and feel of the rest of the site.
2. Change the ‘Access denied page’ completely as mentioned here (http://blogs.tamtam.nl/mart/CustomizingTheLayoutsFiles.aspx). But this is not MS recommended scenario as future updates may replace the access denied page. Microsoft published a workaround for this (http://support.microsoft.com/kb/944105) but again doesn’t look very clean.
3. Create a HTTP module as mentioned here (http://blogs.msdn.com/bgeoffro/archive/2007/11/12/branding-a-moss-corporate-intranet-portal-part-3-layouts-pages.aspx) . This one is too tedious.
Unfortunately, Microsoft doesn’t recommend changing this page because these are system pages and any future updates may overwrite these changes. So I choose the workaround as suggested by Microsoft and created a backup of the ‘Layouts’ folder. Then
- Backed up ‘accessdenied.aspx’ page as ‘accessdenied_original.aspx’
- Created a new ‘accessdenied.aspx’ page
- We cannot inherit this page from existing default.master page because master page is not in the file system and the security context for master page is different from access denied page. So there is no other option than copying the entire master page code into the new ‘accessdenied.aspx’ page.
- We need to then physically delete master page controls in the access denied page. Go through the code and delete all the asp:ContentPlaceHolder code.
- In Visual Studio switch between design view and code view and remove all the control errors
- Add the required content in the accessdenied.aspx page
- Save the page and now browse to the new accessdenied.aspx page directly (http://<yoursitename>/_Layouts/AccessDenied.aspx)
- Everything looks good? – Good! You think you are done with access denied page. No not yet.
For some reason re-login feature (“Sign in as Different user”) is implemented via access denied page. Click on your name in the top right corner and select ‘Sign in as different user’. You will get access denied page. Strange but it is true!! No idea why it is done this way (other than someone took a shortcut approach).
So now, you need to implement the ‘Sign in as different user’ login in your new accessdenied.aspx page. This can be done in two ways
- Or redirect users to ‘accessdenied_original.aspx’ based on the value in querystring for ‘loginasanotheruser’.