Unauthorised webapi call returning login page rather than 401

by

Brock Allen has a nice blog post on how to return 401 for ajax calls when using Cookie authentication and OWIN.
http://brockallen.com/2013/10/27/using-cookie-authentication-middleware-with-web-api-and-401-response-codes/

Put this in ConfigureAuth method in the Startup.Auth.cs file:

app.UseCookieAuthentication(new CookieAuthenticationOptions
{
  AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
  LoginPath = new PathString("/Account/Login"),
  Provider = new CookieAuthenticationProvider
  {
    OnApplyRedirect = ctx =>
    {
      if (!IsAjaxRequest(ctx.Request))
      {
        ctx.Response.Redirect(ctx.RedirectUri);
      }
    }
  }
});

private static bool IsAjaxRequest(IOwinRequest request)
{
  IReadableStringCollection query = request.Query;
  if ((query != null) && (query["X-Requested-With"] == "XMLHttpRequest"))
  {
     return true;
  }
  IHeaderDictionary headers = request.Headers;
  return ((headers != null) && (headers["X-Requested-With"] == "XMLHttpRequest"));
}

More Related Contents:

  1. OWIN Security – How to Implement OAuth2 Refresh Tokens
  2. How do you login/authenticate a user with Asp.Net MVC5 RTM bits using AspNet.Identity?
  3. ASP.NET MVC 5 – Identity. How to get current ApplicationUser
  4. How to get current user, and how to use User class in MVC5?
  5. How to add claims in ASP.NET Identity
  6. Set default global json serializer settings
  7. Do I need a Global.asax.cs file at all if I’m using an OWIN Startup.cs class and move all configuration there?
  8. How to extend IdentityUser with custom property
  9. Get IPrincipal from OAuth Bearer Token in OWIN
  10. User in Entity type MVC5 EF6
  11. How to add Web API to an existing ASP.NET MVC (5) Web Application project?
  12. Get UserID of logged-in user in Asp.Net MVC 5
  13. GlobalConfiguration.Configure() not present after Web API 2 and .NET 4.5.1 migration
  14. Get the current user, within an ApiController action, without passing the userID as a parameter
  15. How to use DI container when OwinStartup
  16. Running self-hosted OWIN Web API under non-admin account
  17. Disable *all* exception handling in ASP.NET Web API 2 (to make room for my own)?
  18. Login page on different domain
  19. Unhandled Exception Global Handler for OWIN / Katana?
  20. How to inject UserManager & SignInManager
  21. How to renew the access token using the refresh token?
  22. Make Https call using HttpClient
  23. How to write a JSON file in C#?
  24. 404 error after adding Web API to an existing MVC Web Application
  25. Route parameter with slash “/” in URL
  26. Why is Asp.Net Identity IdentityDbContext a Black-Box?
  27. Simple JWT authentication in ASP.NET Core 1.0 Web API
  28. C# unsupported grant type when calling web api
  29. Can OWIN middleware use the http session?
  30. WCF Service or Web API [closed]

Leave a Comment