Redirect to login when not authenticated

paul1 · February 27, 2024, 3:28pm

Hi,

When I goto a page in my webapp that has the Authenticate Attribute and I am not logged in I get a 401 error. But I want to have a redirect to my login page.

My request - I tried adding the HtmlRedirect

    [Route("/auth-test")]
    public class TestRequest { }

    [Authenticate(HtmlRedirect = "/login")]
    public string Get(TestRequest r)
    {
        return "OK!";
    }

My Configure.Auth - I tried adding the HtmlRedirect on the AuthFeature

    public class ConfigureAuth : IHostingStartup
    {
        public void Configure(IWebHostBuilder builder) => builder
            .ConfigureAppHost(appHost => {
                appHost.Plugins.Add(new AuthFeature(() => new AuthUserSession(),
                    new IAuthProvider[] {
                        new CredentialsAuthProvider()
                    }, "/login"));
            });
    }

I think the answer must be simple but I just can’t find it…

mythz · February 27, 2024, 3:33pm

How are you making the API Request? Can you please provide the HTTP Request and Response Headers?

paul1 · February 27, 2024, 3:46pm

Local request to: http://localhost:5005/auth-test

Request headers:
GET /auth-test HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Encoding: gzip, deflate, br
Accept-Language: en,nl-NL;q=0.9,nl;q=0.8,en-US;q=0.7
Cache-Control: max-age=0
Connection: keep-alive
Cookie: ss-opt=perm; .AspNet.Consent=yes; referral=; .AspNetCore.Antiforgery.S7UudcJ9Diw=CfDJ8Ii-v4z7crhAnOiwKqIxxkTM9Lt1S1sLYZRAXodP_XRGdckMZHImlf53vtIgUTde5UQArQk7iv71ZHTLq7JKFRTAEVyxmgVxgRQet8Q2pUjLKdQiMzjsDnwuzZbfRTfMwCscJ2Mw1IRB6vc-H1wPado; upid=; mkuid=uruh5TW24dDifmmG6nHs; ss-id=ZsOLsmuERb5ncCH6VxiI; ss-pid=PgCjQmQbUxEPkWsztl6Y
Host: localhost:5005
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.0.0 Safari/537.36
sec-ch-ua: “Not A(Brand”;v=“99”, “Google Chrome”;v=“121”, “Chromium”;v=“121”
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: “Windows”

Response headers:
HTTP/1.1 401 Unauthorized
Transfer-Encoding: chunked
Vary: Accept
Server: Microsoft-IIS/10.0
WWW-Authenticate: credentials realm=“/auth/credentials”
X-Powered-By: ServiceStack/8.0 NET6/Windows/net8/IN
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS
Access-Control-Allow-Headers: Content-Type
X-Powered-By: ASP.NET
Date: Tue, 27 Feb 2024 15:43:56 GMT

mythz · February 27, 2024, 4:21pm

I can’t reproduce this, the HtmlRedirect set in the constructor should be all you need to redirect 401 Unauthorized redirects:

appHost.Plugins.Add(new AuthFeature(() => new AuthUserSession(),
      new IAuthProvider[] {
          new CredentialsAuthProvider()
      }, "/login"));

I’m assuming there’s something else in the App interfering with it. If you can put a small stand-alone repro on GitHub I’ll be able to identify the issue. The vue-mjs is a good template to start with configured with ServiceStack Auth:

$ x new vue-mjs Test

paul1 · February 28, 2024, 11:25am

Sorry about my unreproducible question! But thank you for the answer. It helped me to find the problem

This was the problem:
In my AppHost I had:
Plugins.Add(new HandleExceptions());

With this plugin:

public class HandleExceptions : IPlugin
{
    public void Register(IAppHost appHost)
    {
        appHost.ServiceExceptionHandlers.Add(HandleServiceExceptionDelegate);
    }

    public object HandleServiceExceptionDelegate(IRequest httpReq, object request, Exception ex)
    {
    	//return null; // I should have used this return null for the default behavior
        return DtoUtils.CreateErrorResponse(request, ex, new ResponseStatus(ex.ToErrorCode(), ex.Message));
    }
}

When I changed the CreateErrorResponse to return null the redirect worked again.