HTTP Response Unauthorized redirects to login.aspx

Question

I'm newbie in web programming with C#, and developing WCF RESTful services for Mobile Applications.

In REST service class, I set up response code as HTTP 401 Unauthorized, but it redirects other page suddenly.

Here's my service code:

    [WebGet]
    public string login(string id, string password)
    {
        if (Membership.ValidateUser(id, password))
        {
            FormsAuthentication.SetAuthCookie(id, false);

            WebOperationContext.Current.OutgoingResponse.StatusCode = HttpStatusCode.OK;
            return "Login Succeeded";
        }
        else
        {
            WebOperationContext.Current.OutgoingResponse.StatusCode = HttpStatusCode.Unauthorized;
            return "Login Failed";
        }
    }

If login is succeeded, it works fine, but if I enter wrong password, this page redirects to

http://localhost:50195/login.aspx?ReturnUrl=%2fuser%2flogin%3fid%3dtest74323%26password%3d535201&id=test74323&password=####

I thinks there's auto-redirecting to user login page configuration, how can I off that configuration? I think problem is complicated while I'm using form authentication in the service.

I'm using form authentication with login cookie, I know that is not RESTful way, but I can't help it due to integration with other services. (in-company matter, hh)

And if there's some not-wrong but better way to implement login service, please let me know.

How can I show better error message when I access service with web browser? I know there's nothing to return if login is succeeded, I thought I'd better show string value if client accesses with web browser.

In your configuration file is there an `authentication` section with login page for forms authentication? — Ladislav Mrnka, Jul 05 '11 at 08:54
nope. there is only form authentication provider. I thinks there's default configuration to redirect login.aspx, how can I change it? — moon6pence, Jul 05 '11 at 09:22

score 1 · Accepted Answer · edited May 23 '17 at 10:33

I found answer in the link below:

Forms authentication: disable redirect to the login page

There's many way to probe this situation, dirty-and-quick sorted hh

use other response code and change it at EndRequest
implement HttpModule and change redirect 302 code to unauthenticated 401 again.
don't use FormsAuthenticationModule, and re-implement your own Application_AuthenticateRequest

I choose 2. I think 1. is too dirty, 3. is too slow and big work.

score 0 · Answer 2 · answered Jul 05 '11 at 09:32

0

You can change default login url in authentication section as below:

<authentication mode="Forms">
    <forms loginUrl="Login.aspx" />
</authentication>

Hope it helps :)

answered Jul 05 '11 at 09:32

Tu Tran

1,957
1
27
50

I tried that option, but I can only set the where to redirect, it cannot be disabled. – moon6pence Jul 06 '11 at 06:54

HTTP Response Unauthorized redirects to login.aspx

2 Answers2