2

When I send a request from the client side, I receive a 302 code and a redirect to login, but next I receive:

Console log: XMLHttpRequest cannot load https://login.microsoftonline.com/........................ No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'https://localhost:' is therefore not allowed access. Error: Response with status: 0 for URL: null

ApiController:

[Authorize]
public string Get()
{ }

I would like to return status code 401 or something like that.

4
  • You do not have permission to call https://login.microsoftonline.com/... from your origin https://localhost:44315 Commented Aug 28, 2016 at 12:07
  • Yes, I know, but I want to respond with 401 or data to the client, not a redirect Commented Aug 28, 2016 at 12:11
  • You need to elaborate more and give more code Commented Aug 28, 2016 at 12:46
  • What about using an ActionFilter, checking the response in the OnActionExecuted event and returning the correct HttpResponseMessage and HttpStatusCode? Commented Aug 29, 2016 at 6:49

1 Answer 1

1

It seems like you have not enabled CORS in your API or that you are using cookie authentication instead of token-based auth.

To return a 401 instead of a 302 you could write some Custom Owin Middleware that would check what your controller is returning and alter the response to make it fit your needs.

using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;

namespace Middleware
{
    using Microsoft.Owin;

    public sealed class MyCustomMiddleware : OwinMiddleware
    {
        public MyCustomMiddleware(OwinMiddleware next)
            : base(next)
        {
        }

        public override async System.Threading.Tasks.Task Invoke(IOwinContext context)
        {

            // Code here executed before reaching the controller
            await Next.Invoke(context);
            // Code here executed after reaching the controller, includes the response
            // check response here and modify it to suit your needs
            if (context.Response.StatusCode == 302)
            {
                var headers = context.Response.Headers;
                // Copy the keys first: removing entries while enumerating the live collection throws
                foreach (var key in headers.Keys.ToList())
                {
                    headers.Remove(key);
                }
                context.Response.StatusCode = 401;
                context.Response.ContentType = string.Empty;
                context.Response.ContentLength = null;
                await context.Response.WriteAsync(string.Empty);
            }
        }
    }
}

Then in startup.cs:

app.Use<Middleware.MyCustomMiddleware>();

7 Comments

Yes, I am using cookie authentication, but MyCustomMiddleware changes nothing; I have the same error and 302.
Try to overwrite the response with some text if you can, also look at the headers, they might contain a redirect header, which you can try to remove.
I use return Content(HttpStatusCode.Forbidden, "Forbidden"); when !User.Identity.IsAuthenticated, but how should I protect the Web API? Now I use cookie authentication, but it is not good.
Did my answer help you with your original question (returning 401)? If so, please mark it as resolved. For your other question I recommend posting another StackOverflow question, because it requires a different answer.
No, it didn't; it still redirects to login.microsoftonline.com........................
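A variant of the middleware idea discussed above, as an added example that is not code from the question, the answer or any library: it rewrites the redirect to a 401 only for API/XHR calls, so ordinary page navigation still reaches the sign-in page, and it does the rewrite in an `OnSendingHeaders` callback instead of after `Next.Invoke`. The class name `ApiChallengeMiddleware` and the `/api` route prefix are assumptions, and it is assumed to be registered with `app.Use<Middleware.ApiChallengeMiddleware>();` before the authentication middleware.

```csharp
using System;
using System.Threading.Tasks;
using Microsoft.Owin;

namespace Middleware
{
    // Added example (hypothetical class name): 401 instead of a login redirect
    // for API/XHR calls only; browser navigation keeps the normal 302.
    public sealed class ApiChallengeMiddleware : OwinMiddleware
    {
        // Assumption: Web API routes live under /api.
        private static readonly PathString ApiPrefix = new PathString("/api");

        public ApiChallengeMiddleware(OwinMiddleware next)
            : base(next)
        {
        }

        public override Task Invoke(IOwinContext context)
        {
            if (IsApiCall(context.Request))
            {
                // The callback runs just before the response headers are sent,
                // so it sees the status set by middleware registered after this one.
                context.Response.OnSendingHeaders(state =>
                {
                    var response = (IOwinResponse)state;
                    if (response.StatusCode == 302)
                    {
                        // Drop the redirect target so the client is not sent to the login host.
                        response.Headers.Remove("Location");
                        response.StatusCode = 401;
                    }
                }, context.Response);
            }

            return Next.Invoke(context);
        }

        private static bool IsApiCall(IOwinRequest request)
        {
            // X-Requested-With is added by many AJAX libraries, not by the browser itself.
            var requestedWith = request.Headers.Get("X-Requested-With");
            return request.Path.StartsWithSegments(ApiPrefix)
                || string.Equals(requestedWith, "XMLHttpRequest", StringComparison.OrdinalIgnoreCase);
        }
    }
}
```

On the client, a 401 from the same origin can then be handled in the XHR error callback, where the page can perform a full-page navigation to the login URL.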