3

I have API controller in ASP.NET Core application as following.

[Route("api")]
public class UserController : Controller
{
    [HttpGet("{userName}/product_info")]
    public IActionResult GetProductInfo(string userName)
    {
        List<ProductInfo> productInfos = _repo.GetProductInfoByUserName(userName);
        if (productInfos.Count > 0)
            return Ok(productInfos);
        else
            return BadRequest("Unable to process requrest");
    }
}

I can call above API using /api/{username}/product_info. I have am using UseStatusCodePagesWithRedirects() to redirect to 404 page when user enters the wrong url. The problem here is that when I use wrong API url such as /api/{username}/product_o. It redirects to 404 page and returns status code of 200. I am using this API with angular.js. Since API returns 404 page on wrong URL with status code of 200, error function of then method of $http is never called and in response.data I get the HTML of 404 page. How do I return status code of 404 when wrong API URL is called and return normal 404 page when wrong NON API URL is called? Below is the screen shot of what I am getting when I call wrong API URL. enter image description here

Based on @Daboul suggestion and solution on this link Adding following part in configure method of startup.cs works.

Func<HttpContext, bool> isApiRequest = (HttpContext context) => context.Request.Path.ToString().Contains("/api/");
app.UseWhen(context => !isApiRequest(context), appBuilder =>
{
     appBuilder.UseStatusCodePagesWithRedirects("~/Error/{0}");
});
Improve this question

1 Answer 1

Reset to default
3

I believe that by using middlewares like UseStatusCodePages() or UseStatusCodePagesWithRedirects(), you are deciding to actually return a proper HTML page containing the error code (which require to send to the browser a code 200) instead of returning the code in itself. It's usually considered as a good practice in terms of security. What you are experiencing seems logical to me. Maybe, I'm not sure it would help in your case, what you could do is limit the usage of UseStatusCodePagesWithRedirects() to all the controllers but the api one using a UseWhen(), so that any wrong URL on this particular "/api/" controller would still returns 404? Or parse the answer in your angular to detect if any error occured.

Improve this answer
Sign up to request clarification or add additional context in comments.

4 Comments

I am new to angular.js so I can not do much on the javascript side. On ASP.NET side what kind of middleware should I use to exclude API controller from using StatusCodePages? This problem also happens when I add Authorize attribute to the API controller. After adding Authorize attribute when I try to access API without signing in, It returns Login page with 200 status code. I had to remove Authorize attribute because of this.
UseWhen() would do the job. You can find an example here for instance: stackoverflow.com/questions/37841270/… Using UseWhen() in conjonction with a condition on the URL context.Request.Path.StartsWithSegments("/API/")
In your Update1 version app.UseWhen(context => !isApiRequest(context), appBuilder => { app.UseStatusCodePagesWithRedirects("~/Error/{0}"); }); should be app.UseWhen(context => !isApiRequest(context), appBuilder => { appBuilder.UseStatusCodePagesWithRedirects("~/Error/{0}"); }); switch app for appbuilder.
No worries, in fact ion the internet you have a lots of tutorials with musage of UseWhen with the exact same confusion between app and appbuilder, I faced the issue. Thanks.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.