With Cookie Auth in ASP.NET 5 Identity, how to get WebAPI to return 403

Question

I created a trivial webapi controller with the authorize tag as below. I call it with jquery when I'm not authenticated and I get in the response the message

{"Message":"Authorization has been denied for this request."}

but that carries a 200 success which means the jquery error handler success gets called.

using WebAPI 2, I want a 403 thrown when not authorized, not a 200. How can I achieve this?

Controller File:

   public class TenantWebApiController : ApiController
    {
        // GET: api/TenantWebApi
        [Authorize]
        public IEnumerable<string> Get()
        {
            return new string[] { "value1", "value2" };
        }
        ...

Index.cshtml

$(document).ready(function () {
    $.ajax({
        url: '/api/TenantWebApi',
        type: 'GET',
        dataType: 'json',
        data: {
            firstName: 'Peter',
            lastName: 'Kellner'
        },
        error: function(jqXHR, textStatus, errorThrown) {
            alert('An error occurred');

        },
        success: function(data, textStatus, jqXhr) {
            alert('success');
        }
    });
});

Look my answer in here: http://stackoverflow.com/questions/20149750/owin-unauthorised-webapi-call-returning-login-page-rather-than-401/30777418#30777418 — cuongle, Oct 12 '16 at 17:06
I expect a 401 in this case. What's creating the ***{"Message":"Authorization has been denied for this request."}*** message? — Stinky Towel, Oct 12 '16 at 19:55

With Cookie Auth in ASP.NET 5 Identity, how to get WebAPI to return 403

0 Answers0