Abp: Requesting to an API without authorization is redirected to Login page
I read the document:
Client explicitly accepts the application/json content type (via accept HTTP header).
The ABP version: 3.0.1
The startup template: app with MVC-UI
Configurations in WebModule is following the startup template.
Other information:
- Requesting with
XMLHttpRequest = X-Requested-Withdoes not redirect to the login page, but get empty content with 401 status code.
gdlcf88
All 7 comments
I see https://github.com/abpframework/abp/issues/2643#issuecomment-574940166, it explained the reason.
Does it mean I must manually create controllers?
gdlcf88
on 17 Jul 2020
Is there a convenient way to configure the authorization for all the auto controller methods? Something like
ConfigureAutoController(opt => opt.UseAnonymousForAll())
@maliming
wakuflair
on 1 Sep 2020
AutoController depends on the [Authorize] attribute on the application service.
maliming
on 1 Sep 2020
The [Authorize] returns 401 if authorization failed, but AutoController redirects to the login page.
It's hard for mobile or other clients that only using API as a server due to this behaviour.
wakuflair
on 1 Sep 2020
This is the behavior of asp net core unless we use other methods to implement auto controllers.
maliming
on 1 Sep 2020
See https://github.com/abpframework/abp/issues/5235#event-3716370525
maliming
on 2 Sep 2020
The
[Authorize]returns 401 if authorization failed, butAutoControllerredirects to the login page.It's hard for mobile or other clients that only using API as a server due to this behaviour.
This issue has been added to the milestone. See https://github.com/abpframework/abp/milestone/39
yincen
on 3 Sep 2020
Related issues
SmallShrimp
路
3Comments
mehdihadeli
路
3Comments
hikalkan
路
3Comments
hitaspdotnet
路
3Comments
leonkosak
路
3Comments
Most helpful comment
The
[Authorize]returns 401 if authorization failed, butAutoControllerredirects to the login page.It's hard for mobile or other clients that only using API as a server due to this behaviour.