Disable BasicAuth fallback

17 Views Asked by Barry At 27 March 2024 at 16:37

According to the documentation: https://docs.servicestack.net/auth/authentication-and-authorization#authenticating-with.net-service-clients

Although behind-the-scenes it ends up making 2 requests, 1st request sends a normal request which will get rejected with a 401 Unauthorized and if the Server indicates it has the BasicAuthProvider enabled it will resend the request with the HTTP Basic Auth credentials.

We are using the typescript JsonClient:

https://api.locode.dev/classes/client.JsonServiceClient.html#responseFilter

We are using basic auth but on specific endpoints but do not want to fallback to it. Is there a way to disable this fallback ?

Original Q&A

There are 1 best solutions below

mythz On 28 March 2024 at 01:56

Browsers will automatically resend a failed 401 Basic Authenticate which responds with a WWW-Authenticate HTTP Response header.

You can override OnFailedAuthentication() to prevent it from returning a HttpHeaders.WwwAuthenticate in a custom AuthProvider:

public virtual Task OnFailedAuthentication(IAuthSession session, IRequest httpReq, IResponse httpRes)
{
    httpRes.StatusCode = (int)HttpStatusCode.Unauthorized;
    httpRes.AddHeader(HttpHeaders.WwwAuthenticate, "{0} realm=\"{1}\"".Fmt(this.Provider, this.AuthRealm));
    return HostContext.AppHost.HandleShortCircuitedErrors(httpReq, httpRes, httpReq.Dto);
}

Disable BasicAuth fallback

There are 1 best solutions below

Related Questions in AUTHENTICATION

Related Questions in SERVICESTACK

Trending Questions

Popular # Hahtags

Popular Questions