WebAPI 2 IAuthenticationFilter return 401
I need to return 401 Unauthorized from an AuthenticationFilter, but when I throw HttpResponseException, for some reason it returns 302 Found and then redirects to login.aspx.

Here is a sample of my filter:

    public class MyAuthenticationFilterAttribute : Attribute, IAuthenticationFilter
    {
        public bool AllowMultiple { get { return false; } }

        public async Task AuthenticateAsync(HttpAuthenticationContext context, CancellationToken cancellationToken)
        {
            Trace.TraceInformation("Authenticate");
            throw new HttpResponseException(HttpStatusCode.Unauthorized);
        }

        public Task ChallengeAsync(HttpAuthenticationChallengeContext context, CancellationToken cancellationToken)
        {
            throw new NotImplementedException();
        }
    }

I just registered it in Startup.cs.

How do I correctly return 401 Unauthorized from an AuthenticationFilter?

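When implementing an authentication filter, you should not throw HttpResponseException when authentication fails. If you recognize an authentication failure, simply set the ErrorResult property on the HttpAuthenticationContext parameter passed to the filter: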

    public async Task AuthenticateAsync(HttpAuthenticationContext context, CancellationToken cancellationToken)
    {
        Trace.TraceInformation("Authenticate");
        // Report the failure through ErrorResult instead of throwing.
        context.ErrorResult = new UnauthorizedResult(Enumerable.Empty<AuthenticationHeaderValue>(), context.Request);
    }
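
A fuller filter built on the ErrorResult approach from the answer, added here as an example (it is not code from the question or the answer). It also implements ChallengeAsync, which throws NotImplementedException in the question's filter. The class names, the Scheme property and the Validate hook are hypothetical.

```csharp
using System;
using System.Net;
using System.Net.Http;
using System.Net.Http.Headers;
using System.Security.Principal;
using System.Threading;
using System.Threading.Tasks;
using System.Web.Http;
using System.Web.Http.Filters;
using System.Web.Http.Results;

// Hypothetical base filter: a derived attribute supplies the scheme and the credential check.
public abstract class SchemeAuthenticationFilterAttribute : Attribute, IAuthenticationFilter
{
    protected abstract string Scheme { get; }
    protected abstract IPrincipal Validate(string credential); // returns null when rejected
    public bool AllowMultiple { get { return false; } }

    public Task AuthenticateAsync(HttpAuthenticationContext context, CancellationToken cancellationToken)
    {
        AuthenticationHeaderValue header = context.Request.Headers.Authorization;
        // No header, or another scheme: do nothing and leave the request anonymous.
        if (header != null && string.Equals(header.Scheme, Scheme, StringComparison.OrdinalIgnoreCase))
        {
            IPrincipal principal = Validate(header.Parameter);
            if (principal != null) context.Principal = principal;
            // Bad credentials: set ErrorResult rather than throwing HttpResponseException.
            else context.ErrorResult = new UnauthorizedResult(new AuthenticationHeaderValue[0], context.Request);
        }
        return Task.FromResult(0);
    }

    public Task ChallengeAsync(HttpAuthenticationChallengeContext context, CancellationToken cancellationToken)
    {
        // Wrap the pending result so that any 401 response advertises this scheme.
        context.Result = new AddChallengeResult(context.Result, new AuthenticationHeaderValue(Scheme));
        return Task.FromResult(0);
    }
}

public class AddChallengeResult : IHttpActionResult
{
    private readonly IHttpActionResult _inner;
    private readonly AuthenticationHeaderValue _challenge;
    public AddChallengeResult(IHttpActionResult inner, AuthenticationHeaderValue challenge) { _inner = inner; _challenge = challenge; }
    public async Task<HttpResponseMessage> ExecuteAsync(CancellationToken cancellationToken)
    {
        HttpResponseMessage response = await _inner.ExecuteAsync(cancellationToken);
        if (response.StatusCode == HttpStatusCode.Unauthorized) response.Headers.WwwAuthenticate.Add(_challenge);
        return response;
    }
}
```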