AuthorizeAttribute for Web API (ASP.NET Core 2)
Question
I want to use AuthorizeAttribute for my Web API methods. But when user is not authorized method returns Login-View instead simple 401-status-code.
Startup.cs:
public void ConfigureServices(IServiceCollection services)
{
// Another code.
services.AddDefaultIdentity<User>(opt => {})
.AddEntityFrameworkStores<MyDbContext>();
// Another code.
}
public void Configure(IApplicationBuilder app, IHostingEnvironment env)
{
// Another code.
app.UseAuthentication();
app.UseMvc(routes =>
{
routes.MapRoute(
name: "default",
template: "api/{controller}/{action=Index}/{id?}");
});
app.UseSpa(spa =>
{
spa.Options.SourcePath = "ClientApp";
if (env.IsDevelopment())
{
spa.UseReactDevelopmentServer(npmScript: "start");
}
});
// Another code.
}
SimpleController.cs:
[Route("api/[controller]")]
public class SimpleController : Controller
{
[Authorize]
[HttpGet("{id}")]
public int Index(int Id)
{
return Id;
}
}
In ASP.NET MVC 5 we have both AuthorizeAttribute :
-
System.Web.Http.AuthorizeAttribute- which is used for the web API. -
System.Web.Mvc.AuthorizeAttribute- which is used for controllers with views.
But ASP.NET Core 2.0 has only one kind of attribute - for controllers with views. What do I need to do to get status-codes (401, 403) instead views?
1 answers
solution1
3 ACCPTED 2019-03-15 22:08:20
ASP.NET Core Identity uses cookie authentication and therefore you can override CookieAuthenticationOptions.Events to make it work as you need. Identity provides ConfigureApplicationCookie configuration method for this.
services.ConfigureApplicationCookie(options =>
{
//this event is called when user is unauthorized and is redirected to login page
options.Events.OnRedirectToLogin = context =>
{
context.Response.StatusCode = 401;
return Task.CompletedTask;
};
});
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.