I'm basically a novice with Web API, but I have finally added Web API into an existing project and implemented a basic authorisation filter which allows me to both authenticate the user and use their identity in my ApiController action methods.
The problem I'm having is that when the user is not successfully authenticated (their authorisation credentials are not valid), I am not able to return a 401 forbidden response, as the MVC site automatically redirects to the login page and returns the HTML with a 302 redirect code.
I have seen fixes like:
    protected void Application_EndRequest(Object sender, EventArgs e)
    {
        HttpApplication context = (HttpApplication)sender;
        context.Response.SuppressFormsAuthenticationRedirect = true;
    }

in global.asax, which simply have not worked. Even if it had worked, it would prevent the redirect for users browsing the website, which I would like to keep.
Is there a way of preventing this redirect from taking place only in instances of failed authorisation with my Web API, whilst also keeping the redirect for the main MVC site?
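
Added example, not part of the original post: one way to scope the suppression to API requests only, so that an API client receives the real 401 while browser users still get the login redirect. The `MvcApplication` class name and the `~/api` route prefix are assumptions (defaults from the project templates), and `SuppressFormsAuthenticationRedirect` requires .NET Framework 4.5 or later.

```csharp
using System;
using System.Web;

// Global.asax.cs. The class name "MvcApplication" is an assumption.
public class MvcApplication : HttpApplication
{
    // Assumed route prefix for the Web API controllers; adjust to the real routes.
    private const string ApiPrefix = "~/api";

    protected void Application_BeginRequest(object sender, EventArgs e)
    {
        var app = (HttpApplication)sender;

        if (IsApiRequest(app.Request))
        {
            // Set the flag at the start of the request so it is already in place
            // when forms authentication inspects a 401 at the end of the request.
            // Non-API requests are left alone and keep the 302 to the login page.
            app.Response.SuppressFormsAuthenticationRedirect = true;
        }
    }

    // True for "~/api" itself and anything below "~/api/", but not "~/apiary".
    private static bool IsApiRequest(HttpRequest request)
    {
        string path = request.AppRelativeCurrentExecutionFilePath ?? string.Empty;

        return path.Equals(ApiPrefix, StringComparison.OrdinalIgnoreCase)
            || path.StartsWith(ApiPrefix + "/", StringComparison.OrdinalIgnoreCase);
    }
}
```

With this in place, the status code set by the authorisation filter reaches API clients unchanged, so they no longer follow the redirect and read the login page's HTML as if the call had succeeded.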