PowerShell, SharePoint, Technical

Custom Access Denied Page in SharePoint 2013

In SharePoint 2010, it was quite easy to tell SharePoint to use a custom access denied page that you developed and deployed to the farm instead of the out of the box page. There are many reasons that lead to the need for this, such as changing the text of the message or adding a more dynamic page / form to collect information from the user or perform some other function. Once you build your page and get it deployed, all it took was a call to SPWebApplication.UpdateMappedPage or the PowerShell cmdlet Set-SPCustomLayoutsPage with the proper parameters and you’re off and running. Plenty of posts on the Internet on doing that task so I won’t cover it here.

What I do want to cover, however, is where things stand on this topic with 2013. As of the writing of this post, you can’t do this. Although the same UpdateMappedPage method and Set-SPCustomLayoutsPage cmdlet exists in 2013, there is an identified bug in the product related to the property. The custom location can be set using either of these methods, but SharePoint will not recognize them and will continue to use the out of the box accessdenied.aspx page. I’ve verified this through a Microsoft internal distribution group as well as a support case submitted by me on behalf of one of my clients. Hopefully this gets fixed in a hotfix or CU, but until then you are out of luck.

There are a couple other options, though.

  1. Supported Option:  Create an HTTP handler (covered a bit in this forum post) to intercept each request and redirect to your custom page if the server is sending the user to the out of the box accessdenied.aspx page. I don’t like this since it adds overhead to every SharePoint page request.
  2. Unsupported Option, proposed by a co-worker of mine, Lester Sconyers:
    1. Add a delegate control to the error.master like below. (I know, I know. Not ideal)
    2. <SharePoint:DelegateControl runat=”server” ControlId=”MyDelegate” AllowMultipleControls=”true” />

    3. Create a user control to be deployed to _controltemplates
    4. Create an elements.xml file which will add the control to the delegatecontrol.
    5. <ControlId=”MyDelegate”ControlSrc=”~/_controltemplates/15/mycontrols/redirect.ascx”Sequence=”1″ />

    6. On the pageload method of the user control check the request url. If it is for access denied, redirect users to your custom page

A nice option for those who are ok with modifying out of the box pages.

I should note that the UpdateMappedPage and Set-SPCustomLayoutsPage are not just for access denied. They are used for the following pages:

  • AccessDenied
  • Confirmation
  • Error
  • Login
  • RequestAccess
  • Signout
  • WebDeleted

I haven’t tested to see if changing the setting for pages other than AccessDenied are respected or not.