1

According to the documentation: https://docs.servicestack.net/auth/authentication-and-authorization#authenticating-with.net-service-clients

Although behind-the-scenes it ends up making 2 requests, 1st request sends a normal request which will get rejected with a 401 Unauthorized and if the Server indicates it has the BasicAuthProvider enabled it will resend the request with the HTTP Basic Auth credentials.

We are using the typescript JsonClient:

https://api.locode.dev/classes/client.JsonServiceClient.html#responseFilter

We are using basic auth but on specific endpoints but do not want to fallback to it. Is there a way to disable this fallback ?

Improve this question

1 Answer 1

Reset to default
0

Browsers will automatically resend a failed 401 Basic Authenticate which responds with a WWW-Authenticate HTTP Response header.

You can override OnFailedAuthentication() to prevent it from returning a HttpHeaders.WwwAuthenticate in a custom AuthProvider:

public virtual Task OnFailedAuthentication(IAuthSession session, IRequest httpReq, IResponse httpRes)
{
    httpRes.StatusCode = (int)HttpStatusCode.Unauthorized;
    httpRes.AddHeader(HttpHeaders.WwwAuthenticate, "{0} realm=\"{1}\"".Fmt(this.Provider, this.AuthRealm));
    return HostContext.AppHost.HandleShortCircuitedErrors(httpReq, httpRes, httpReq.Dto);
}
Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.