In ASP.Net / ASP.Net Core WebAPI,
When the client/browser tries to access a WebAPI endpoint which is decorated with [Authorized]
attribute. It gets a 302-Found
status code with a redirect response to the Login page, instead of 401-Unauthorized
for an unauthorized request.
Note: I have noticed that Fail(AuthorizationContext context)
method in AuthorizeAttribute filter sets the response code as 401-Unauthorized
, but eventually browser gets a 302-Found
response.
How can I send the 401 response instead of 302 ?
UPDATE: Update the question with ASP.NET Core