Open Closed

401 Response from API instead of redirect #2312


0
rebit created

Hi.

I'm trying to expose an application service method to a 3rd party that determines whether the user should be authorised to access the method inside of the method. If authorisation is required, I want to return a 401 HTTP code.

What I've done is to throw a AbpAuthorizationException when authorisation is required, but this redirects the request to the application login page with a 302 response code. I want to return a 401 response to allow the 3rd party to authenticate the user.

How can I accomplish this?


9 Answer(s)
  • 0
    ismcagdas created
    Support Team

    Hi,

    The response status should be 401 if authorization is failed. Can you make a test with postman (a google chrome extension) like in below screenshot.

  • 0
    rebit created

    I've made the request, bit it returns with a 200 OK code and the body of the response is the login page HTML.

    It must be noted that this is not an ABP Core project and that it was upgraded from ABP 0.8 to 0.11 previously and then upgraded to 1.2.2 yesterday.

  • 0
    ismcagdas created
    Support Team

    Hi,

    Did you make the request with postman ? If so, can you share the code of your request ? You can see it when you click the orange code link which you can see in my previous screenshot.

  • 0
    rebit created
    POST /api/services/app/role/GetRoles HTTP/1.1
    Host: jacques_local.vampant.loopback.dev.antfarm.co.za
    Cache-Control: no-cache
    Postman-Token: 8bb436d1-2649-ce3c-d531-3e8d91a91b31
    
    {}
    

    See below:

  • 0
    ismcagdas created
    Support Team

    Hi,

    Can you check the ABP version you are using ?

  • 0
    rebit created

    ABP version is 1.2.2.0

  • 0
    ismcagdas created
    Support Team

    Can you sen your project to <a href="mailto:info@aspnetzero.com">info@aspnetzero.com</a>, so we can find the problem faster if this is not a problem for you.

    Thanks.

  • 0
    rebit created

    I have finally managed to solve the issue.

    It looks like I did not upgrade the WebAPI project correctly.

    The line below was missing from my WebApi Module's Initialize() method:

    Configuration.Modules.AbpWebApi().HttpConfiguration.Filters.Add(new HostAuthenticationFilter("Bearer"));
    

    Once added, the 401 response code is returned.

  • 0
    ismcagdas created
    Support Team

    Great news :)