ServiceStack service is getting redirected to MVC forms login page

Question

I've writing some tests on ServiceStack services that require authentication using a custom CredentialAuthenticationProvider.

If I create a test by not authenticating with servicestack, I get a serialization error instead of a 401 error. Serialization error is because the service is redirecting to the MVC login HTML page.

How can I prevent a redirect to MVC when the call is on the /api/ path for serviceStack services so that the service returns a 401 instead?

    [TestMethod]
    public void DeleteUser_not_authenticated()
    {
        var client = new JsonServiceClient(STR_APIURL);
        var resp1 = client.Post(new Auth() { UserName = "user", Password = "***" });
        Assert.IsTrue(resp1.UserName == "user");
        var user = client.Get(new GetSupportUser { Email = "test@gmail.com" });
        client.Post(new Auth { provider = "logout" });
        try
        {
            var resp = client.Delete(user);

        }
        catch (HttpException e)
        {
            Assert.IsTrue(e.GetHttpCode() == 401);
        }
    }

Edit

Per Mythz suggestion, I tried this in global.aspx, but this didn't stop the redirect:

    protected void Application_EndRequest(object src, EventArgs e)
    {
        ServiceStack.MiniProfiler.Profiler.Stop();

        var ctx = (HttpApplication)src;
        if (ctx.Request.Path.Contains("/api/"))
            ctx.Response.SuppressFormsAuthenticationRedirect = true;
    }

mythz · Answer 1 · 2015-03-01T23:15:08.063

0

If you're using .NET 4.5, you can disable built-in authentication redirect by setting HttpResponse.SuppressFormsAuthenticationRedirect=true which you can add in your Global.asax.cs:

protected void Application_EndRequest(Object sender, EventArgs e)
{
    var ctx = (HttpApplication)sender;
    var suppressForPath = ctx.Request.PathInfo.StartsWith("/api");
    ctx.Response.SuppressFormsAuthenticationRedirect = suppressForPath;
}

For earlier versions of ASP.NET see ServiceStacks docs on Form Hijacking Prevention for registering a custom SuppressFormsAuthenticationRedirectModule IHtptModule to prevent this.

edited Mar 01 '15 at 23:15

answered Mar 01 '15 at 22:17

mythz

141,670
29
246
390

I can't do that since I have an MVC front-end that is using the forms authentication. This answer I think is close, but it relates to calls from AJAX http://stackoverflow.com/a/13811295/4621260. – brussell Mar 01 '15 at 23:06
I might be able to get your suggestion to work if I check the request for /api* in the path. – brussell Mar 01 '15 at 23:12
I tried this as you were answering (see my edit). It didn't stop the redirect. – brussell Mar 01 '15 at 23:24

score 0 · Accepted Answer · answered Mar 01 '15 at 23:46

I changed @mythz answer to the Begin_Request instead of End_Request and it is now preventing redirect to forms authentication and returning 401 response.

    protected void Application_BeginRequest(object src, EventArgs e)
    {
        var ctx = (HttpApplication) src;
        var suppressForPath =ctx.Request.Path.StartsWith("/api");
        ctx.Response.SuppressFormsAuthenticationRedirect = suppressForPath;
    }

ServiceStack service is getting redirected to MVC forms login page

2 Answers2