1

I am implementing ServiceStack side-by-side with a MVC application. My main application uses form authentication which is configured in my web.config. When the authentication of fails, I don't get the 401 UnAuthorized as I expect I should. (reference: https://stackoverflow.com/a/13073251/743752)

I have added HtmlRedirect = null to my AuthFeature but this did not work. My request are returning with what is my login page. ~/Login?ReturnUrl=%2fapi%2fauth%2fcredentials
Im sending my payload as POST with content-type: application/json

Is there another way of disabling redirects on failed login?

Community
  • 1
  • 1
Chris
  • 315
  • 1
  • 2
  • 16

1 Answers1

1

Are you using FormsAuthentication and ServiceStack Authentication in the same application? I think MVC is doing the redirect (not ServiceStack) because you have the <authentication> element in your web.config...probably something like...

<authentication mode="Forms">
  <forms loginUrl="~/Login" />
</authentication>

If you don't need FormsAuthentication you can remove this <authentication> element from you web.config file.

paaschpa
  • 4,816
  • 11
  • 15
  • And if I do need it for the existing side of the app is there a way to disable it for maybe a location (/ api)? – Chris May 20 '13 at 16:53
  • 1
    Not sure. This -> http://stackoverflow.com/questions/4616524/turning-off-asp-net-webforms-authentication-for-one-sub-directory/8950763#8950763 and this -> https://github.com/ServiceStack/ServiceStack/issues/496 might help – paaschpa May 20 '13 at 17:20
  • Fixed with the suggestion of @paaschpa for pointing me in the correct direction. https://github.com/ServiceStack/ServiceStack/wiki/Form-Hijacking-Prevention – Chris May 20 '13 at 21:26