-
Notifications
You must be signed in to change notification settings - Fork 599
Do not redirect to login page with Cookie Authentication #1541
Comments
This is essentially a dup of #1394 To use APIs we recommend using bearer authentication instead of cookies. The cookie auth flow is designed for interactive web apps only. |
Thank you for your response. I am aware JWT is the best fit for my use case... but cookie auth is what's already implemented and I would like to keep as much of the working code as possible. Do you know some reliable workaround or should I really refactor the application in order to use JWT? I am going to follow your recomendation anyway. |
Using JWT is recommended. We plan on getting some documentation on these scenarios but we haven't gotten to it yet. |
Docs on this will be really appreciated! I'm having a hard time with this because I have no experience with web applications. Thank you for your guidance! |
My
ConfigureServices
method have the following code:And my controllers have
On top of them, which redirects to
/Login
when user is not authenticated.This behaviour is fine for my regular mvc controllers.
The problem is for my rest-like endpoints (their responses should be json-only). When user is not logged in it automatically sends the raw html of the login page but the client is expecting a json.
(yes, the same application has both kinds of controllers)
How can I configure my application such that some controllers respond with
401
instead of redirecting to/Login
?I am using net core 2.0.
The text was updated successfully, but these errors were encountered: