Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Response code 401 triggering basic authentication before the jquery ajax error handler

Tags:

jquery

asp.net-mvc-3

I have a scenario where I have to handle authentication of ajax requests using "Forms Authentication". Based on some search and help from my earlier stackoverflow post, I had decided to use the method described at here.

The idea is to send back a 401 response for unauthenticated requests, and then handle that in the AJAX error handler. So I have an AJAX error handler in my ASP.net MVC3 Layout page that redirects the browser to the login page when it receives 401 response on unauthenticated ajax requests. Here is the ajax error handler.

$(document).ajaxError(function (event, jqXHR, ajaxSettings, thrownError) {
    if (jqXHR.status == "401") {
        window.location.replace(loginUrl);
    }
    ....
});

This all works well on my local IIS 7.5 Server. But on the server where my site is hosted, unfortunately, I get a basic authentication popup on unauthenticated ajax requests (for example session timed out), before the AJAX error handler runs and redirects the browser to the login page. When I cancel the "Authentication Required" popup by pressing the Cancel button, the AJAX error handler then runs and I am redirected to the login page.

So, why does the browser show the authentication popup before running the AJAX error handler?

Edit: The Hosting Server is running IIS 6.

like image 798
Jatin Avatar asked Jan 09 '12 14:01

Jatin

2 Answers

as Softlion said

This is a common question with an easy answer. the 401 is transformed into a 302 to the login >page by the .net authorization module. The browser never see the 401 only the 302.

if you are using .net 4 and later, you use code below

HttpContext.Response.SuppressFormsAuthenticationRedirect = true;

it work's fine for me.

like image 153
reZa Avatar answered Sep 19 '22 19:09

reZa

This is a common question with an easy answer. the 401 is transformed into a 302 to the login page by the .net authorization module. The browser never see the 401 only the 302.

Of course this is not playing nicely with ajax calls.

The best solution i tryed and i'm currently using involve writing a new attribute which is catching 401 and tranform it into ... 409 which is catched by the jquery ajax handler.

It is part of a paid product so i can not give any code.

like image 35
Softlion Avatar answered Sep 21 '22 19:09

Softlion
Sign in to Comment

Related questions

An attribute argument must be a constant expression, typeof expression or array creation expression of an attribute parameter type
how to create an HTML Helper to Extend TextBoxFor() to add CSS style?
How Disable Browser Back Button only after Logout in mvc3.net
MVC 3 Razor. Partial View validation is not working
Adding namespaces to ASP.NET MVC 3 views
Sending normal request in jquery ( not ajax)
How to combine two dataTextFields for SelectList Description in asp.net MVC 3 using @Html.DropDownListFor
Return html string from controller and display in view
How do I output xml with ASP.NET razor?
MVC 3 Area route not working
How to call stored procedure in MVC by EF
MVC 3 Display HTML inside a ValidationSummary
ASP MVC Razor foreach inside Javascript block
So is an [Email] attribute built in ASP.NET MVC 3 or not?
MVC3 Razor: how to check if model is empty
Entity Framework 4 with MySQL connector 6.4.3 autogenerate tables causes "Column Length" exception
The Image Optimization Framework was not initialized
Securing website assemblies with new code security model
Questions about a Custom Security setup for MVC3 using overridden AuthorizeAttribute, thread safety, ChildActions and caching

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!