将我的ASP.NET Core项目升级到2.0后,尝试访问受保护的端点不再返回401,而是重定向到(不存在的)端点以尝试让用户进行身份验证.
所需的行为是应用程序只是返回401.以前我会AutomaticChallenge = false在配置身份验证时设置,但根据这篇文章,设置不再相关(实际上它不再存在).
我的身份验证配置如下:
Startup.cs.ConfigureServices():
services.AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme)
.AddCookie(o =>
{
o.Cookie.Name = options.CookieName;
o.Cookie.Domain = options.CookieDomain;
o.SlidingExpiration = true;
o.ExpireTimeSpan = options.CookieLifetime;
o.TicketDataFormat = ticketFormat;
o.CookieManager = new CustomChunkingCookieManager();
});
配置():
app.UseAuthentication();
如何禁用自动质询,以便在用户未经过身份验证时应用程序返回401?
关于这个问题的答案,我默认使用以下代码添加了对所有内容的授权:
public void ConfigureServices(IServiceCollection aServices)
{
aServices.AddMvc(options =>
{
var lBuilder = new AuthorizationPolicyBuilder().RequireAuthenticatedUser();
var lFilter = new AuthorizeFilter(lBuilder.Build());
options.Filters.Add(lFilter);
});
aServices.AddMvc();
}
public void Configure(IApplicationBuilder aApp, IHostingEnvironment aEnv, ILoggerFactory aLoggerFactory)
{
aApp.UseCookieAuthentication(options =>
{
options.AuthenticationScheme = "Cookies";
options.AutomaticAuthentication = true;
});
}
但是,当有人试图访问未经授权的内容时,它会返回一个(看似默认的)重定向URL(http://foo.bar/Account/Login?ReturnUrl=%2Fapi%2Ffoobar%2F).
我希望它只返回HTTP 401,而不是重定向.
如何在ASP.NET 5中为WebAPI执行此操作?