ServiceStack身份验证失败时,不重定向？

Question

我们正在构建一个将使用基本身份验证的ServiceStack API.我目前在AppHost中设置了auth,如下所示:

var authDb = new OrmLiteConnectionFactory("Server=(...);", true, MySqlDialectProvider.Instance);

var authRepo = new OrmLiteAuthRepository(authDb);
authRepo.CreateMissingTables();
container.Register<ICacheClient>(c => new MemoryCacheClient());
container.Register<IUserAuthRepository>(c => authRepo);

Plugins.Add(
    new AuthFeature(() => new AuthUserSession(), new IAuthProvider[] { new BasicAuthProvider() })
);

当执行没有Authorization标头或错误用户名的请求时+传递响应是重定向到/Account/Login.aspx?ReturnUrl = ...

Parital request + response示例:

POST http://localhost:60278/reserve HTTP/1.1

HTTP/1.1 302 Found
Location: /Account/Login.aspx?ReturnUrl=%2freserve
X-Powered-By: ServiceStack/3,924 Win32NT/.NET

有没有办法让它只响应HTTP 401 Unauthorized或HTTP 403 Forbidden？

Answer 1

默认情况下,ServiceStack的AuthFeature只会尝试将您重定向到HTML Content-Type请求的默认~/login路径.您可以通过将AuthFeature中的重定向路径设置为null来覆盖它:

Plugins.Add(new AuthFeature(...) { HtmlRedirect = null });

这将回退到401 UnAuthorized其他Content-Types获得的标准Response.

在将HtmlRedirect全局设置为null后,您可以在adhoc基础上将其添加回来,例如:

[Authenticate(HtmlRedirect="~/path/to/redirect/to")]