I have an MVC 5.1 site with a controller with one POST action. I have an Android app that I want to use POST using basic authentication. I created the BasicAuthorizeAttribute class and applied it to my controller, and for testing purposes, it rejects everything:
public class BasicAuthorizeAttribute : AuthorizeAttribute { protected override bool AuthorizeCore(HttpContextBase httpContext) { return false; } protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext) { filterContext.HttpContext.Response.SuppressFormsAuthenticationRedirect = true; base.HandleUnauthorizedRequest(filterContext); } }
I can go through my HandleUnauthorizedRequest in the debugger, but Fiddler shows that the POST response is a 302 redirect to the login page. I thought SuppressFormsAuthenticationRedirect should have prevented this. This is a problem because the Android application follows the forwarding and receives 200 OK from the login request, so a POST message appears. What am I doing wrong?
Evan b
source share