WICH HTTP状态code说的用户名或密码不正确？ [英] Wich HTTP status code to say username or password were incorrect?

问题描述

我实现了一个简单registation /登录模块。

I am implementing a simple registation/login module.

在测试用户凭据，我开始思考它，如果用户发送带有不正确的凭据请求HTTP状态code将是适当的，为的情况。

While testing user credentials, I start thinking which HTTP status code will be appropriate, for the situation if a user send a request with incorrect credentials.

起初，我以为401未授权将是一个不错的状态code，但现在看来，这将是更好地使用它，当一个用户试图获得未经授权的一些​​资源。

At first, I thought 401 Unauthorized would be a nice status code, but it seems it will be better to use it when a user is trying to get some resource without authorisation.

后，我切换到409冲突

After, I switched to 409 Conflict

这code只允许在预计用户可能能够解决冲突并重新提交请求的情况。

This code is only allowed in situations where it is expected that the user might be able to resolve the conflict and resubmit the request.

所以，朋友们，请给我一个提醒，状态code应该使用哪个。

So, friends, please give me an advise, which status code should be used.

推荐答案

如果您使用HTTP认证由RFC 7235定义，401将是正确的（缺失或不正确的凭据）。

If you use HTTP authentication as defined by RFC 7235, 401 would be correct (for missing or incorrect credentials).

否则，使用403。

这篇关于WICH HTTP状态code说的用户名或密码不正确？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！