diff --git a/src/Abp.Web.Api/WebApi/Authorization/AbpApiAuthorizeAttribute.cs b/src/Abp.Web.Api/WebApi/Authorization/AbpApiAuthorizeAttribute.cs
index 55937dd8ff..e586ec2f6c 100644
--- a/src/Abp.Web.Api/WebApi/Authorization/AbpApiAuthorizeAttribute.cs
+++ b/src/Abp.Web.Api/WebApi/Authorization/AbpApiAuthorizeAttribute.cs
@@ -1,4 +1,5 @@
-using System.Web.Http;
+using System.Web;
+using System.Web.Http;
 using System.Web.Http.Controllers;
 using Abp.Authorization;
 using Abp.Dependency;
@@ -50,5 +51,22 @@ protected override bool IsAuthorized(HttpActionContext actionContext)
 return false;
 }
 }
+
+ protected override void HandleUnauthorizedRequest(HttpActionContext actionContext)
+ {
+ var httpContext = HttpContext.Current;
+ if (httpContext == null)
+ {
+ base.HandleUnauthorizedRequest(actionContext);
+ return;
+ }
+
+ httpContext.Response.StatusCode = httpContext.User.Identity.IsAuthenticated == false
+ ? (int)System.Net.HttpStatusCode.Unauthorized
+ : (int)System.Net.HttpStatusCode.Forbidden;
+
+ httpContext.Response.SuppressFormsAuthenticationRedirect = true;
+ httpContext.Response.End();
+ }
 }
 }
diff --git a/src/Abp.Web.Mvc/Web/Mvc/Authorization/AbpMvcAuthorizeAttribute.cs b/src/Abp.Web.Mvc/Web/Mvc/Authorization/AbpMvcAuthorizeAttribute.cs
index 6732695e24..5a7a5fe357 100644
--- a/src/Abp.Web.Mvc/Web/Mvc/Authorization/AbpMvcAuthorizeAttribute.cs
+++ b/src/Abp.Web.Mvc/Web/Mvc/Authorization/AbpMvcAuthorizeAttribute.cs
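Review bot: In the new `HandleUnauthorizedRequest` of AbpApiAuthorizeAttribute.cs, the branch taken when `HttpContext.Current` is non-null never assigns `actionContext.Response`, and Web API's authorization filter stops the pipeline only when that property is set. Web API is hosted behind an async handler, so `Response.End()` may flush and complete the request without aborting the thread, in which case the action could still run after the 401/403 has been sent. I would keep `SuppressFormsAuthenticationRedirect = true` but replace the `StatusCode`/`End()` pair with an explicit result, `actionContext.Response = new System.Net.Http.HttpResponseMessage(statusCode);`, where `statusCode` is the same Unauthorized/Forbidden choice. `httpContext.User` is also dereferenced without a null check, so a request with no principal attached would fail with a NullReferenceException instead of a 401. The refactored lines in AbpMvcAuthorizeAttribute.cs end the response the same way with no visible `filterContext.Result` assignment (that method starts outside the hunk), so the same concern probably applies there.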
@@ -61,15 +61,12 @@ protected override void HandleUnauthorizedRequest(AuthorizationContext filterCon
 return;
 }
- var user = httpContext.User;
- var response = httpContext.Response;
-
- response.StatusCode = user.Identity.IsAuthenticated == false
+ httpContext.Response.StatusCode = httpContext.User.Identity.IsAuthenticated == false
 ? (int) System.Net.HttpStatusCode.Unauthorized
 : (int) System.Net.HttpStatusCode.Forbidden;
- response.SuppressFormsAuthenticationRedirect = true;
- response.End();
+ httpContext.Response.SuppressFormsAuthenticationRedirect = true;
+ httpContext.Response.End();
 }
 }
 }