Handle 401/403 difference in web api auth filter.

JL-Code · Jul 11, 2016 · 6a84fad · 6a84fad
1 parent e2b33d6
commit 6a84fad
Show file tree

Hide file tree

Showing 2 changed files with 22 additions and 7 deletions.
diff --git a/src/Abp.Web.Api/WebApi/Authorization/AbpApiAuthorizeAttribute.cs b/src/Abp.Web.Api/WebApi/Authorization/AbpApiAuthorizeAttribute.cs
@@ -1,4 +1,5 @@
-using System.Web.Http;
+using System.Web;
+using System.Web.Http;
 using System.Web.Http.Controllers;
 using Abp.Authorization;
 using Abp.Dependency;
@@ -50,5 +51,22 @@ protected override bool IsAuthorized(HttpActionContext actionContext)
                 return false;
             }
         }
+
+        protected override void HandleUnauthorizedRequest(HttpActionContext actionContext)
+        {
+            var httpContext = HttpContext.Current;
+            if (httpContext == null)
+            {
+                base.HandleUnauthorizedRequest(actionContext);
+                return;
+            }
+
+            httpContext.Response.StatusCode = httpContext.User.Identity.IsAuthenticated == false
+                                      ? (int)System.Net.HttpStatusCode.Unauthorized
+                                      : (int)System.Net.HttpStatusCode.Forbidden;
+
+            httpContext.Response.SuppressFormsAuthenticationRedirect = true;
+            httpContext.Response.End();
+        }
     }
 }
diff --git a/src/Abp.Web.Mvc/Web/Mvc/Authorization/AbpMvcAuthorizeAttribute.cs b/src/Abp.Web.Mvc/Web/Mvc/Authorization/AbpMvcAuthorizeAttribute.cs
@@ -61,15 +61,12 @@ protected override void HandleUnauthorizedRequest(AuthorizationContext filterCon
                 return;
             }
 
-            var user = httpContext.User;
-            var response = httpContext.Response;
-
-            response.StatusCode = user.Identity.IsAuthenticated == false
+            httpContext.Response.StatusCode = httpContext.User.Identity.IsAuthenticated == false
                                       ? (int) System.Net.HttpStatusCode.Unauthorized
                                       : (int) System.Net.HttpStatusCode.Forbidden;
 
-            response.SuppressFormsAuthenticationRedirect = true;
-            response.End();
+            httpContext.Response.SuppressFormsAuthenticationRedirect = true;
+            httpContext.Response.End();
         }
     }
 }