-
Notifications
You must be signed in to change notification settings - Fork 3.4k
-
Notifications
You must be signed in to change notification settings - Fork 3.4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Calling [Auto Api] , response status code 302 , why not 401 ? #5235
Comments
Sorry, I just saw the message now.
|
I am reponing this since I've got a similar comment: "If you hit an API endpoint that has an [Authorize] header as an anonymous user it responds with a 200 response and an html login page instead of a 401" |
If your api call has private void ConfigureRedirectStrategy(ServiceConfigurationContext context)
{
// Without this, api calls without "X-Requested-With: XMLHttpRequest"
// are redirected to identity server login page.
// We want to return 401:Unauthorized instead of redirecting
context.Services.ConfigureApplicationCookie(options =>
options.Events.OnRedirectToLogin = context =>
{
context.Response.Headers["Location"] = context.RedirectUri;
context.Response.StatusCode = 401;
return System.Threading.Tasks.Task.CompletedTask;
});
} Call it in your module's (I use it in HttpApiHostModule) |
Thank you. This is what I want. |
hi @mtozlu For Angular you can try to configure the services.AddAuthentication(options =>
{
options.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
options.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
})
.AddJwtBearer(options => //...... |
Hi @hikalkan @maliming @mtozlu post workaround. But this is only workaround. Are you preparing some update to achieve same behavior when calling controller vs. dynamicaly created from appservice ? |
This is follows the AspNet Core design. |
@maliming Thanks for your answere. But calling native controller or dynamicaly created should return same response. Right ?
Why you decided to return login page (redirection) ? What's the case ? How i can extend workaround that return same response that native controller (error json) ? |
This is very useful and I use it for CRUD App Service |
hi,
when i calling the [AUTO API] without login, why is the response status code 302 instead of 401.
version : 3.0.5
ui : MVC
In this case, I want the response to be 401.
how can i do ?
thank you !
The text was updated successfully, but these errors were encountered: