HttpStatusCodeResult(401) returns “302 Found”

2019-01-24 06:20发布

Using ASP.NET MVC 5, I would like to return appropriate HTTP status code for different scenarios (401 for user is not authenticated, 403 when user has no right for some resource, etc.), than handle them in jQuery.

But the problem is, when I try to return 401, it always returns "302: Found". What is the trick for a custom status code, and why this doesn't work?

public ActionResult My()
{
    if (User.Identity.IsAuthenticated == false)
    {
        return new HttpStatusCodeResult(401, "User is not authenticated."); 
            // Returns "302: Found"
    }

   // ... other code ...
}

EDIT 1: Interesting bit:

If I replace the 401 with a 404 like this:

return new HttpNotFoundResult("User is not authenticated.");

Then it indeed gives a 404 and jQuery can catch the problem. However it's not an elegant solution as the error code is different.

EDIT 2: 302 is not good for me, as the result would be used in jQuery.get().fail(), but 302 won't triger fail()

1条回答
甜甜的少女心
2楼-- · 2019-01-24 07:15

Lol this is an awesome problem

The way auth works in MVC is that when you aren't logged in and try to access a secure page it throws a 401 exception. MVC then catches this exception and redirects the user to the login page (which is the 302 you are seeing)

I suppose there's a few things you can do to fix it:

EDIT

As per your comments, the following code will turn all redirects into 401s when requested via ajax. This is one approach for avoiding the issue listed

public class MvcApplication : HttpApplication {
    protected void Application_EndRequest() {
        var context = new HttpContextWrapper(Context);
        // If we're an ajax request, and doing a 302, then we actually need to do a 401
        if (Context.Response.StatusCode == 302 && context.Request.IsAjaxRequest()) {
            Context.Response.Clear();
            Context.Response.StatusCode = 401;
        }
    }
}
查看更多
登录 后发表回答