{var%20f='http://v.t.sina.com.cn/share/share.php?appkey=1515056452',u=z||d.location,p=['&url=',e(u),'&title=',e(t||d.title),'&source=',e(r),'&sourceUrl=',e(l),'&content=',c||'gb2312','&pic=',e(p||'')].join('');function%20a(){if(!window.open([f,p].join(''),'mb',['toolbar=0,status=0,resizable=1,width=440,height=430,left=',(s.width-440)/2,',top=',(s.height-430)/2].join('')))u.href=[f,p].join('');};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();})(screen,document,encodeURIComponent,'','','https://www.manongdao.com/data/attach/logo/logo.png', '推荐 兄弟一词,经得起流年. 的问题《Mvc action returns 401 error》','https://www.manongdao.com/q-987219.html','页面编码gb2312|utf-8默认gb2312'));){kind=link}
This is a strange one. They always are when I get to this point.
I have an MVC app. It's a single page app so all routes are ajax calls but I don't think this is relevant.
Strangely and all of a sudden one particular page has started giving me a 401 and prompting for creds. Actually it's both pages that are in this MVC Area. It is only doing it in qa no locally so I can't debug. And It only started after last push. None of the other pages are doing this.
So I compared the headers via fiddler for a successful page and the 401 page on the site. exactly the freakin same except the url. the actions
the action for 401
public ActionResult Display_Template(ViewModel input)
{
return this.View("Display", new TasksByFieldViewModel());
}
for the 200
public ActionResult AddUpdate_Template(ViewModel input)
{
return View("VendorAddUpdate", new VendorViewModel());
}
The only changes are this and this makes no sense.
From the 401 page, I redirect to an aspx page that has a reportviewer on it. But you have to click a button and then you are window.locationed on over. It can't possibly have anything to do with that.
The second is that I upgraded from sqlserver trial to sqlserver standard on the qa server.
That's all I got. completely befuddled.
Any thoughts would be great.
Thanks,
Raif
EDIT\Fix\Hack:
Ok well this is either confusing or enraging. It's too early to tell.
My MVC Area, the one that is breaking, well it was named "Reports" because, well it was full of reports. After doing some hail mary tests I changed the Area name to Reportsx, now it works like a dream. As I certainly never told any part of the stack to demand credentials if the Area name is Reports I can only assume that there is some IIS setting or MVC setting that says if the url is xxx/Reports then demand creds.
I'm open to alternative views.
If the system at wherever you work is similar to the one where I work, then when you say "in QA" you mean you've put your code on a server for the testers to poke at. Now, when I first started here, I was told to leave certain existing config files as I found them on this server, because changes will introduce things that are specific to my machine and break things. I'm guessing you have a similar policy, and have therefore deployed your new page to a server, but left that server's Web.config alone. However, in Web.config, there's a whole list of sections that look something like this:
where the "something" as the path value in the first line can be a path like "Assets/CSS" or a page like "Login.aspx". You'll notice that there's various settings for auth modes.
Now, if the Web.config on the QA server mentions something called "Reports" and specifies that it requires a particular auth mode, then failure to provide suitable credentials for that mode will result in a 401. Changing the name to "Reportsx" probably just meant that it can no longer find a matching entry, and so fell back to a default mode, which apparently lets people in.
So, try checking the server's Web.config for sections mentioning "something/Reports" and see what auth they require.