
ASP.NET MVC5 WebAPI2 Prevent Unauthorized Redirect to Login Page

Why is my WebApi2 controller redirecting me to the Login page when I return Unauthorized()? The same happens when I use the [Authorize] attribute. Shouldn't the controller return a Json or XML result as requested in the Content-Type? Redirecting me to the Login page is a waste of resources and completely useless to an application client.

I've looked around the web. It seems that the forms authentication module is grabbing my 401 response and converting it into a 302. This is odd because my Authentication Mode is 'none' (not forms). Moreover, I have read that this 'feature' has been fixed in .Net 4.5 (which I am running).

I have tried overriding my Application_EndRequest in my Global.asax.cs:

    protected void Application_EndRequest()
    {
        var context = new HttpContextWrapper(Context);
        // If we're an ajax request, and doing a 302, then we actually need to do a 401
        if (Context.Response.StatusCode == 302 && context.Request.ContentType.StartsWith("application"))
        {
            Context.Response.Clear();
            Context.Response.ClearContent();
            Context.Response.StatusCode = 401;
            context.Response.RedirectLocation = null;
            Context.Response.End();
        }
    }

It did not work very well (returned an IIS Html page). What is the next step?

Using cookie authentication middleware with Web API and 401 response codes: you can customize it by overriding the OnApplyRedirect event in your CookieAuthenticationProvider. Read the blog for further explanation.

app.UseCookieAuthentication(new CookieAuthenticationOptions
{
   AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
   LoginPath = new PathString("/Account/Login"),
   Provider = new CookieAuthenticationProvider
   {
      OnApplyRedirect = ctx =>
      {
         // Redirect to the login page only for non-AJAX requests;
         // when the redirect is skipped, the 401 response is left as it is.
         if (!IsAjaxRequest(ctx.Request))
         {
            ctx.Response.Redirect(ctx.RedirectUri);
         }
      }
   }
});

And in the same class:

private static bool IsAjaxRequest(IOwinRequest request)
{
   IReadableStringCollection query = request.Query;
   if ((query != null) && (query["X-Requested-With"] == "XMLHttpRequest"))
   {
      return true;
   }
   IHeaderDictionary headers = request.Headers;
   return ((headers != null) && (headers["X-Requested-With"] == "XMLHttpRequest"));
}
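
The check above only recognises callers that send `X-Requested-With`, which a non-browser API client normally does not. The following added example (not part of the original answer) also keeps the 401 for any request under the Web API route prefix; the `/api` prefix and the `IsApiRequest` helper name are assumptions for illustration.

```csharp
using System;
using Microsoft.AspNet.Identity;
using Microsoft.Owin;
using Microsoft.Owin.Security.Cookies;
using Owin;

public partial class Startup
{
    // Assumption: every Web API route is registered under this prefix.
    private static readonly PathString ApiPrefix = new PathString("/api");

    public void ConfigureAuth(IAppBuilder app)
    {
        app.UseCookieAuthentication(new CookieAuthenticationOptions
        {
            AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
            LoginPath = new PathString("/Account/Login"),
            Provider = new CookieAuthenticationProvider
            {
                OnApplyRedirect = ctx =>
                {
                    // Browser page requests are sent to the login page.
                    // For API callers the redirect is skipped, so the
                    // 401 set by [Authorize] or Unauthorized() is returned.
                    if (!IsApiRequest(ctx.Request))
                    {
                        ctx.Response.Redirect(ctx.RedirectUri);
                    }
                }
            }
        });
    }

    // Hypothetical helper: true for requests that should receive a status
    // code instead of a login redirect.
    private static bool IsApiRequest(IOwinRequest request)
    {
        // Route-based check: works for clients that send no AJAX header.
        if (request.Path.StartsWithSegments(ApiPrefix))
        {
            return true;
        }
        // Header-based check for XHR calls made to non-API routes.
        // The indexer returns null when the header is absent.
        string requestedWith = request.Headers["X-Requested-With"];
        return string.Equals(requestedWith, "XMLHttpRequest",
                             StringComparison.OrdinalIgnoreCase);
    }
}
```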
