2

I have an ASP.net MVC3 app running under IIS7 with forms auth enabled. There is also a co-hosted Nancy service hosted under a folder in the application.

The problem is that anytime a Nancy service returns a 401 (Unauthorized) status the request is automatically redirected to the login page.

is there a way to tell ASP.net to ignore 401 errors returning from that folder and just return the original json response?

Stefan Moser
  • 6,663
  • 9
  • 35
  • 48
kay.one
  • 7,622
  • 6
  • 55
  • 74
  • 1
    Check this: http://stackoverflow.com/questions/123726/401-response-code-for-json-requests-with-asp-net-mvc check the http://haacked.com/archive/2011/10/04/prevent-forms-authentication-login-page-redirect-when-you-donrsquot-want.aspx – bdoshi Jul 12 '12 at 21:24
  • @bdoshi turns out that it doesn't solve my issue, since by then the original response that was generated by nancy is already overwritten. I need to preserve the nancy response. – kay.one Jul 12 '12 at 21:52
  • I think this alternative: http://stackoverflow.com/a/1072996/1373170 Is probably what you are looking for. Intercept the redirection response, and check if it's an ajax call and being redirected to the login, and force a 401. – Pablo Romeo Jul 12 '12 at 21:52
  • Thats the one I used, but the problem is that by the time the request is about to end the content of the message has been replaced. – kay.one Jul 12 '12 at 21:57

2 Answers2

0

I know this is old but I'll reply anyway.

It sounds like you have Forms Auth for the MVC website, and using Nancy as an API under say /nancy

To disable the authentication in that directory path you can add a location in your web.config, you most likely have one already to setup Nancy to run.

Something like:

<location path="nancy">
  <system.web>
    <compilation debug="true" targetFramework="4.0" />
    <httpHandlers>
      <add verb="*" type="Nancy.Hosting.Aspnet.NancyHttpRequestHandler" path="*"/>
    </httpHandlers>
  </system.web>

  <system.webServer>
    <modules runAllManagedModulesForAllRequests="true"/>
    <validation validateIntegratedModeConfiguration="false"/>
    <handlers>
      <add name="Nancy" verb="*" type="Nancy.Hosting.Aspnet.NancyHttpRequestHandler" path="*"/>
    </handlers>
  </system.webServer>
</location>

All you need to do in here is allow anonymous access, this can be done by adding authorization into system.web. Update the system.web like so:

<system.web>
  <compilation debug="true" targetFramework="4.0" />
  <httpHandlers>
    <add verb="*" type="Nancy.Hosting.Aspnet.NancyHttpRequestHandler" path="*"/>
  </httpHandlers>

  <authorization>
    <allow users="*"/>
  </authorization>
</system.web>

And this should ignore authentication for the folder now.

Phill
  • 18,398
  • 7
  • 62
  • 102
-1

In the controller you can paint the Action (or entire Controller) with the AllowAnonymousAttribute

[AllowAnonymous]
public ActionResult DoSomething()
{
    return View();
}
naspinski
  • 34,020
  • 36
  • 111
  • 167
  • 1. its not a controller. I'm using nancy, 2. I don't need to by pass auth. I still need to return a 401, I just need it to not redirect to the login page. – kay.one Jul 12 '12 at 21:07