
I have a Web API built on the ASP.NET Core 5 framework with Swagger UI.

When the user makes an authenticated request to any of the endpoints, I get a 404, as if the framework were redirecting the user to a page that does not exist. If the framework is automatically redirecting the request because it is unauthorized, I want to change that behavior so that it returns a 401 JSON response instead. If not, how can I change the response code from 404 to 401 with a JSON response?

Here is what the Startup class looks like:

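/// <summary>
/// Registers MVC controllers, the Swagger document together with its HTTP Basic
/// security scheme, and the custom "BasicAuthentication" authentication scheme.
/// </summary>
/// <param name="services">Service collection supplied by the host at startup.</param>
public void ConfigureServices(IServiceCollection services)
{
    // Name of the custom authentication scheme; declared once so the default scheme
    // and the registered handler cannot drift apart.
    const string basicSchemeName = "BasicAuthentication";

    // Id under which the security scheme is stored in the OpenAPI document. The
    // definition and the requirement below must use the same id.
    const string swaggerSchemeId = "basic";

    services.AddControllers();

    services.AddSwaggerGen(swagger =>
    {
        swagger.SwaggerDoc("v1", new OpenApiInfo
        {
            Version = "v1",
            Title = "Student Athlete Wellness Tracker API",
            Description = "API to provide data for the Student Athlete Wellness Trackers",
        });

        swagger.AddSecurityDefinition(swaggerSchemeId, new OpenApiSecurityScheme()
        {
            Name = "Authorization",
            Type = SecuritySchemeType.Http,
            Scheme = "basic",
            In = ParameterLocation.Header,
            // The original text described this as the Bearer scheme, which contradicts
            // Scheme = "basic" above and misleads API consumers reading the Swagger page.
            // Basic credentials are only base64-encoded, hence the HTTPS reminder.
            Description = "Authorization header using the Basic scheme (base64 of \"username:password\"); send it over HTTPS only.",
        });

        // Apply the Basic scheme to every operation; it takes no scopes, so the scope list is empty.
        swagger.AddSecurityRequirement(new OpenApiSecurityRequirement
        {
            {
                new OpenApiSecurityScheme
                {
                    Reference = new OpenApiReference
                    {
                        Type = ReferenceType.SecurityScheme,
                        Id = swaggerSchemeId
                    }
                },
                Array.Empty<string>()
            }
        });
    });

    // The string overload of AddAuthentication sets the default scheme, so this scheme
    // is used when authenticating and challenging unless an endpoint names another one.
    // NOTE(review): BasicAuthenticationHandler is not shown here. Confirm that its
    // challenge answers with 401 and a WWW-Authenticate header, and that it compares
    // credentials without leaking timing or logging the header value.
    services.AddAuthentication(basicSchemeName)
            .AddScheme<AuthenticationSchemeOptions, BasicAuthenticationHandler>(basicSchemeName, null);
}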


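/// <summary>
/// Builds the HTTP request pipeline. Middleware runs in the order it is added here,
/// so the order below is part of the security posture of the API.
/// </summary>
/// <param name="app">Application builder the middleware is added to.</param>
/// <param name="env">Hosting environment, used to pick the error-handling behavior.</param>
public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
{
    if (env.IsDevelopment())
    {
        app.UseDeveloperExceptionPage();
    }
    else
    {
        // NOTE(review): "/error" has to be a mapped endpoint. If it is not, an exception
        // thrown further down the pipeline may surface to the client as a 404 instead of
        // a 500. Verify that an error controller or action exists for this path.
        app.UseExceptionHandler("/error");
        app.UseHsts();
    }

    // Redirect to HTTPS before any content is served. This API uses Basic authentication,
    // whose credentials are only base64-encoded, so the Swagger UI and every endpoint
    // should be reached over TLS. Originally this ran after Swagger and CORS, which left
    // the Swagger UI reachable over plain HTTP.
    app.UseHttpsRedirection();

    // NOTE(review): the Swagger document and UI are exposed in every environment and sit
    // in front of authentication. Confirm that is intended for production.
    app.UseSwagger();
    app.UseSwaggerUI(c => c.SwaggerEndpoint("/swagger/v1/swagger.json", "Student Athlete Wellness Trackers - v1"));

    app.UseRouting();

    // CORS belongs after routing and before authentication/authorization so that
    // preflight requests are answered before any credential check runs.
    // NOTE(review): AllowAnyOrigin lets script on any website call this API from a
    // browser. If browser clients are expected, restrict this to the known origins
    // (WithOrigins) instead of leaving it open.
    app.UseCors(x => x.AllowAnyOrigin().AllowAnyMethod().AllowAnyHeader());

    // Authentication must precede authorization: the first establishes the user,
    // the second decides whether that user may reach the selected endpoint.
    app.UseAuthentication();
    app.UseAuthorization();

    app.UseEndpoints(endpoints => endpoints.MapControllers());
}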

2 Answers 2


I ran into the same issue.

I added the second options line and that solved the problem.

// This answer uses the JWT bearer scheme. For the custom handler in the question,
// the scheme name would be the one it was registered under ("BasicAuthentication").
services.AddAuthentication(authOptions =>
{
    // Scheme used to read and validate the credentials on an incoming request.
    authOptions.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;

    // Scheme asked to produce the response when an unauthenticated request hits a
    // protected endpoint. This is the "second options line" the answer refers to.
    authOptions.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
})

You can read the official documentation to learn more: https://learn.microsoft.com/en-us/aspnet/core/security/authentication/?view=aspnetcore-5.0

Example: Web api core returns 404 when adding Authorize attribute



To fix the issue, I changed

// Before: the scheme name is passed as the default scheme, and the handler is
// registered through the AuthenticationBuilder returned by AddAuthentication.
const string basicScheme = "BasicAuthentication";

services
    .AddAuthentication(basicScheme)
    .AddScheme<AuthenticationSchemeOptions, BasicAuthenticationHandler>(basicScheme, configureOptions: null);

to

// After: every default is set explicitly and the handler is attached to the options
// object itself rather than through the AuthenticationBuilder.
services.AddAuthentication(authOptions =>
{
    const string basicScheme = "BasicAuthentication";

    // NOTE(review): this registers the scheme on AuthenticationOptions only. Confirm
    // that the handler's constructor dependencies still resolve when it is created.
    authOptions.AddScheme<BasicAuthenticationHandler>(basicScheme, displayName: null);

    // DefaultScheme is the fallback for the other defaults; the authenticate and
    // challenge schemes are also named explicitly so the intent is unambiguous.
    authOptions.DefaultScheme = basicScheme;
    authOptions.DefaultAuthenticateScheme = basicScheme;
    authOptions.DefaultChallengeScheme = basicScheme;
});
