FormAuthentication using WebAPI using Breeze

Question

FormAuthentication using WebAPI using Breeze

I protect WebAPI using forms Authentication using Breezecontroller When I try to call the WebAPi method, I return the following error.

Status: 404 statusText: "Not found" message: "MetaData request error for: '';, the resource Http tha matches was not found ...

My question is: why am I not returning "UnAuthorized error (401)"? metadata is also embellished with [Authorize].

FormsAuthentication redirection seems to give a problem. It redirects to the login method (has AllowAnonymous) WebApi and reports that it cannot find, although I have. I also apply Authrozie to methods instead of the controller. exact mistake

{"$id":"1","$type":"System.Web.Http.HttpError,System.Web.Http","Message":"NoHTTPresourcewasfoundthatmatchestherequestURI'http://localhost:40678/api/Country/Login?ReturnUrl=/api/Country/Metadata'.","MessageDetail":"Noactionwasfoundonthecontroller'Country'thatmatchestherequest."}

+4

breeze

Nss Jan 18 '13 at 16:58

source share

2 answers

by tagging BreezeController using [Authorize], and then trying to get Breeze metadata directly using this link:

 Request URL:http://localhost/breeze/breeze/metadata

redirected to:

 http://localhost/Login?ReturnUrl=%2Fbreeze%2Fbreeze%2Fmetadata with a 404

Without [Authorize] access to Breeze metadata with the same link works fine.

0

Jennifer Oct 24 '14 at 9:31

source share

Ward · Accepted Answer · 2013-01-18T19:25:02+0000

Just tried and worked fine. I am sure you have an error in your URL.

Here is my preliminary controller:

  [Authorize]
 [BreezeController]
 public class BreezeTodoController: ApiController
 {
     private readonly BreezeTodoContext _context;

     public BreezeTodoController () {
         _context = new BreezeTodoContext (User);
     }

     [HttpGet]
     public string Metadata () {
         return _context.Metadata ();
     }
     // ... more

I hit it with this url

  http: // localhost: 32377 / api / breezetodox / metadata

And I will return 401

  Request URL: http: // localhost: 32377 / api / breezetodo / metadata
 Request Method: GET
 Status Code: 401 Unauthorized

But if I am mistaken in the url (see "x" after breezetodo)

  Request URL: http: // localhost: 32377 / api / breezetodox / metadata
 Request Method: GET
 Status Code: 404 Not Found

Same thing if my action name does not match (see "x" after metadata):

  Request URL: http: // localhost: 32377 / api / breezetodo / metadatax
 Request Method: GET
 Status Code: 404 Not Found

In other words, HTTP cannot report that a resource is unauthorized if it cannot find this resource in the first place.

FormAuthentication using WebAPI using Breeze

More articles: