发送消息,401:Asp.net Web的API [英] Sending message with 401: Asp.net Web-api
问题描述
我在asp.net网页API。在登录方法我对数据库检查用户名/密码,如果他们不匹配,我与无效的用户名或密码方式像
I am in asp.net web api. In login method i check the user/password against the db and if they do not match, I return 401 status code along with invalid user or password method like
var content = new StringContent("Invalid user name or password");
var message = new HttpResponseMessage(HttpStatusCode.Unauthorized);
message.Content = content;
throw new HttpResponseException(message);
但API似乎忽略我的消息,并简单地返回一些HTML像
But API seems to ignore my message and simply return some html like
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/>
<title>401 - Unauthorized: Access is denied due to invalid credentials.</title>
<style type="text/css">
<!--
body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;}
fieldset{padding:0 15px 10px 15px;}
h1{font-size:2.4em;margin:0;color:#FFF;}
h2{font-size:1.7em;margin:0;color:#CC0000;}
h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;}
#header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF;
background-color:#555555;}
#content{margin:0 0 0 2%;position:relative;}
.content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;}
-->
</style>
</head>
<body>
<div id="header"><h1>Server Error</h1></div>
<div id="content">
<div class="content-container"><fieldset>
<h2>401 - Unauthorized: Access is denied due to invalid credentials.</h2>
<h3>You do not have permission to view this directory or page using the credentials that you supplied.</h3>
</fieldset></div>
</div>
</body>
</html>
这是为什么?我怎么能覆盖此?
Why is that? How can I override this?
感谢
推荐答案
我相信你所得到的回应是从IIS而不是从网络API。如果你想处理您的API中自己的身份验证过程中,你需要告诉IIS是允许匿名访问,使其摆脱了道路。
I believe the response you are getting is from IIS and not from Web Api. If you want to handle the authentication process yourself within your API you need to tell IIS that anonymous access is allowed so that it will get out of the way.
此外,当您返回一个401,你必须返回一个WWW身份验证头(见的 http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html#sec10.4.2 )。这告诉什么身份验证类型是允许客户端。
Also, when you return a 401 you MUST return a www-authenticate header (see http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html#sec10.4.2). This tells the client what type of authentication is allowed.
这篇关于发送消息,401:Asp.net Web的API的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
