Best IT Recipes

Prevent ASP.NET redirect to login.aspx

We have a website that fully runs on AngularJS with an ASP.NET Web API with the following configuration: - HTML5 routing is enabled in Angular, and there is a rewrite rule in web.config to direct all traffic to index.html - MVC is not set (shaving pages only) - Authentication occurs using authentication using forms and cookies associated with it

I just added the Helicon IIS plugin to protect the .htaccess password for our development server (it is a mess to do this using IIS), but I have a main problem.

After entering the basic authentication data, I get redirected to /login.aspx?ReturnUrl= , and although I'm not sure who is responsible for this (IIS or Helicon plugin), it will match one of my AngularJS routes and will result in an error.

How can I stop this redirect?

My web.config authentication bit:

 <authentication mode="Forms"> <forms protection="All" timeout="15" name=".ASPXAUTH" path="/" requireSSL="false" slidingExpiration="false" cookieless="UseCookies" enableCrossAppRedirects="false" /> </authentication>
+5
angularjs asp.net-mvc .htaccess
Aug 29 '13 at 19:25
source share
2 answers

If you are using ASP.NET 4.5. You can disable authentication redirection using the HttpResponse.SuppressFormsAuthenticationRedirect property.

At Global.asax:

 protected void Application_BeginRequest(Object sender, EventArgs e) { HttpApplication context = (HttpApplication)sender; context.Response.SuppressFormsAuthenticationRedirect = true; }
+14
Aug 29 '13 at 19:45
source share

In general, I put this in global.asax

 protected void Application_BeginRequest(object sender, EventArgs e) { var context = new HttpContextWrapper(Context); // set flag only if forms auth enabled and request comes from ajax if (FormsAuthentication.IsEnabled && context.Request.IsAjaxRequest()) { context.Response.SuppressFormsAuthenticationRedirect = true; } }

and for IsAjaxRequest() used this

 public static bool IsAjaxRequest(this HttpRequestBase request) { if (request == null) { throw new ArgumentNullException("request"); } var context = HttpContext.Current; var isCallbackRequest = false;// callback requests are ajax requests if (context != null && context.CurrentHandler is Page) { isCallbackRequest = ((Page)context.CurrentHandler).IsCallback; } return isCallbackRequest || request["X-Requested-With"] == "XMLHttpRequest" || request.Headers["X-Requested-With"] == "XMLHttpRequest"; }

therefore, for all request forms, ajax auth will no longer be redirected. This is the best solution I have found.

And, optionally, put this in the client code to reload the page after receiving responses to error 401.

 $(document).ajaxError(function (xhr, props) { if (props.status === 401) { location.reload(); } });
+5
Sep 04 '15 at 7:49
source share


More articles:


All Articles