Login/Register
How do I return a 401 authentication error to a RestSharp client?
Asked Answered
Solved asp.net-mvcrestsharphttp-error
V

4

5

In my Mvc Api controller, if the user cannot be authenticated I throw an HttpException 401. However, the RestSharp client seems to translate this into a Http 500 status code.

I want to be able to throw HttpExceptions from my Mvc controller, and have the RestSharp client preserve the original error in its StatusCode property.

Also, I notice if the server is not up, when the RestSharp client makes a request, the reponse has a status code of 0, and a response code of Error. Should the RestSharp not return a 404 http error code instead?

What I really need is a bit of documentation on how RestSharp works with HttpCodes.

Updated with code in my api controller:

throw new HttpException((int)HttpStatusCode.Unauthorized, AuthenticationError);
Viewable answered 19/1, 2012 at 12:19 Comment(0)
V
4

I've been able to investigate this issue myself. Forms Authentication is set on the web app which means that when a HttpUnauthorizedResult is returned from the controller, MVC kicks in and redirects to the login page. This has the effect of the client assuming that no errors occurred.

I resolved this by using the aspnet.suppressformsredirect nuget package, and add the suppress flag into the response for authentication.

Viewable answered 6/2, 2012 at 14:45 Comment(1)
Right @jaffa, this should be the accepted answer for MVC 4. But how lame is it that we have to download something just to return a 401? Ridiculous. My just-as-lame workaround is to send a 403 Forbidden. (See my answer).Mitis
A
12

Have you verified that you really return 401 to the client? ASP.NET MVC got some strange error handling sometimes.

Try to return a HttpUnauthorizedResult instead. MSDN doc

Aestivate answered 19/1, 2012 at 12:23 Comment(5)
I've updated my post with code example. The controller serves json, so would using HttpUnauthorisedResult work correctly? Am I doing the right thing here?Viewable
My answer still apply. I find it more likely that ASP.NET MVC handles your HttpException incorrectly (and return a 501) than that RestSharp converts a 401 to 500Aestivate
This seems to break the httpcodes then. I won't ever be able to display the correct errors back to the user. Mvc should send the correct 401 back to the client, in this case RestSharp. Is there any way round this?Viewable
Use the action result HttpUnauthorizedResult from your authorization filter (or the controller action). It's an action result that is included in ASP.NET MVCAestivate
Still no luck with this, can someone try and reproduce this problem with ASP.Net MVC and RestSharp. I'm raising http errors and they're getting lost somewhere along the way.Viewable
V
4

I've been able to investigate this issue myself. Forms Authentication is set on the web app which means that when a HttpUnauthorizedResult is returned from the controller, MVC kicks in and redirects to the login page. This has the effect of the client assuming that no errors occurred.

I resolved this by using the aspnet.suppressformsredirect nuget package, and add the suppress flag into the response for authentication.

Viewable answered 6/2, 2012 at 14:45 Comment(1)
Right @jaffa, this should be the accepted answer for MVC 4. But how lame is it that we have to download something just to return a 401? Ridiculous. My just-as-lame workaround is to send a 403 Forbidden. (See my answer).Mitis
N
4

Here are two ways to return a 401 in MVC.

return new HttpUnauthorizedResult("Unauthorized");

or

return new HttpStatusCodeResult(401);
Novanovaculite answered 19/10, 2016 at 10:32 Comment(0)
M
2

Lame, lame, lame that we have to download a NuGet package to return a 401! My workaround is to respond with a 403 Forbidden with an explanation:

throw new HttpException((int)HttpStatusCode.Forbidden, 
  "Please log in as user " + UserId + " and try again.");

Not semantically correct, but is less work, less ongoing maintenance, and less risk.

Mitis answered 7/5, 2015 at 16:40 Comment(0)

© 2022 - 2024 — McMap. All rights reserved.