的HTTPStatus codeResult（401）的回报＆QUOT; 302计算值：QUOT; [英] HttpStatusCodeResult(401) returns "302 Found"

问题描述

使用ASP.NET MVC 5，我想返回不同的场景相应的HTTP状态code（401用户没有通过验证，403在用户对某些资源没有权利，等等），比处理它们jQuery中。

Using ASP.NET MVC 5, I would like to return appropriate HTTP status code for different scenarios (401 for user is not authenticated, 403 when user has no right for some resource, etc.), than handle them in jQuery.

但问题是，当我试图返回401，它总是返回302：已找到。什么是自定义状态code的伎俩，为什么不起作用？

But the problem is, when I try to return 401, it always returns "302: Found". What is the trick for a custom status code, and why this doesn't work?

public ActionResult My()
{
    if (User.Identity.IsAuthenticated == false)
    {
        return new HttpStatusCodeResult(401, "User is not authenticated."); 
            // Returns "302: Found"
    }

   // ... other code ...
}

修改1：有趣的一点：

如果我有404这样的替换401：

If I replace the 401 with a 404 like this:

return new HttpNotFoundResult("User is not authenticated.");

然后，它确实给了404和jQuery能赶上问题。然而，它不是一个完美的解决方案作为错误code是不同的。

Then it indeed gives a 404 and jQuery can catch the problem. However it's not an elegant solution as the error code is different.

编辑2： 302是不是为我好，因为其结果将在 jQuery.get（）被用来失败（），但302不会TRIGER 失败（）

EDIT 2: 302 is not good for me, as the result would be used in jQuery.get().fail(), but 302 won't triger fail()

推荐答案

洛尔这是一个真棒问题

在权威性MVC的工作方式是，当你还没有登录，并尝试访问安全的页面，它抛出一个异常401。 MVC然后捕获该异常，并且用户到登录页面重定向（这是你所看到的302）

The way auth works in MVC is that when you aren't logged in and try to access a secure page it throws a 401 exception. MVC then catches this exception and redirects the user to the login page (which is the 302 you are seeing)

我想有一些事情你可以做些什么来解决这个问题：

I suppose there's a few things you can do to fix it:

• 忽略它，它可能仍要行为


• 禁用登录页面重定向（菲尔哈克对这个有好的文章：<一href=\"http://haacked.com/archive/2011/10/04/$p$pvent-forms-authentication-login-page-redirect-when-you-donrsquot-want.aspx\">http://haacked.com/archive/2011/10/04/$p$pvent-forms-authentication-login-page-redirect-when-you-donrsquot-want.aspx)

• Ignore it, its probably the behaviour you want anyway
• Disable login page redirection (phil haack has a good article on this here: http://haacked.com/archive/2011/10/04/prevent-forms-authentication-login-page-redirect-when-you-donrsquot-want.aspx)

修改

根据您的意见，当通过AJAX请求以下code将关闭所有重定向到401S。这是一种方法，以避免可能发生的问题。

As per your comments, the following code will turn all redirects into 401s when requested via ajax. This is one approach for avoiding the issue listed

public class MvcApplication : HttpApplication {
    protected void Application_EndRequest() {
        var context = new HttpContextWrapper(Context);
        // If we're an ajax request, and doing a 302, then we actually need to do a 401
        if (Context.Response.StatusCode == 302 && context.Request.IsAjaxRequest()) {
            Context.Response.Clear();
            Context.Response.StatusCode = 401;
        }
    }
}

这篇关于的HTTPStatus codeResult（401）的回报＆QUOT; 302计算值：QUOT;的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！