Prevent ASP.NET from redirecting to login.aspx

Solution 1

If you are using ASP.NET 4.5, you can disable the forms authentication redirect with the HttpResponse.SuppressFormsAuthenticationRedirect property.

In Global.asax:

protected void Application_BeginRequest(Object sender, EventArgs e)
{
        HttpApplication context = (HttpApplication)sender;
        context.Response.SuppressFormsAuthenticationRedirect = true;
}

Solution 2

In summary, I've put this in Global.asax:

protected void Application_BeginRequest(object sender, EventArgs e)
{
    var context = new HttpContextWrapper(Context);
    // set flag only if forms auth enabled and request comes from ajax
    if (FormsAuthentication.IsEnabled && context.Request.IsAjaxRequest())
    {
        context.Response.SuppressFormsAuthenticationRedirect = true;
    }
}

and for IsAjaxRequest() I used this:

public static bool IsAjaxRequest(this HttpRequestBase request)
{
    if (request == null)
    {
        throw new ArgumentNullException("request");
    }
    var context = HttpContext.Current;
    var isCallbackRequest = false;// callback requests are ajax requests
    if (context != null && context.CurrentHandler is Page)
    {
        isCallbackRequest = ((Page)context.CurrentHandler).IsCallback;
    }
    return isCallbackRequest || request["X-Requested-With"] == "XMLHttpRequest" || 
        request.Headers["X-Requested-With"] == "XMLHttpRequest";
}

So for every AJAX request, forms auth will not redirect anymore. It's the best solution that I've found.

And optionally, put this in client code, for page reload after receiving 401 error answers.

$(document).ajaxError(function (event, jqXHR) {
    // jQuery passes the event object first; the HTTP status is on the jqXHR argument
    if (jqXHR.status === 401) {
        location.reload();
    }
});
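
An alternative to the blind reload above, as an added example that is not part of the original answer: on a 401 it sends the browser to /login.aspx with a ReturnUrl reduced to a same-origin path, so the value cannot point at another site or back at the login page. The function names and the LOGIN_PATH constant are assumptions made for illustration.

```javascript
// Added example: decide where to send the browser after an AJAX call returns 401.
// LOGIN_PATH and both function names are assumptions, not part of the answer.
const LOGIN_PATH = "/login.aspx";

// Reduce any candidate URL to a same-origin path + query + hash.
// Anything that resolves to another origin (absolute URLs, "//host",
// "/\host", javascript: URLs) or fails to parse falls back to "/".
function safeReturnUrl(candidate, origin) {
  let url;
  try {
    url = new URL(candidate, origin);
  } catch (e) {
    return "/";
  }
  if (url.origin !== origin) return "/";
  // Never return to the login page itself; that would loop.
  if (url.pathname.toLowerCase() === LOGIN_PATH) return "/";
  return url.pathname + url.search + url.hash;
}

// Returns the login URL to navigate to for a 401, or null for any other status.
function loginRedirectFor(status, currentHref, origin) {
  if (status !== 401) return null;
  const returnUrl = safeReturnUrl(currentHref, origin);
  return LOGIN_PATH + "?ReturnUrl=" + encodeURIComponent(returnUrl);
}

// Browser wiring with jQuery, as in the answer above; skipped outside a browser.
if (typeof window !== "undefined" && typeof $ !== "undefined") {
  $(document).ajaxError(function (event, jqXHR) {
    const target = loginRedirectFor(jqXHR.status, location.href, location.origin);
    if (target) location.assign(target);
  });
}
```

The server-side login page still has to validate ReturnUrl itself, since the client value can be changed by the user.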

Author by

Sreerag G

Updated on September 15, 2022

Comments

  • Sreerag G
    Sreerag G over 1 year

    We have a website that runs fully on AngularJS with an ASP.NET Web API back-end with the following configuration:

    - HTML5 routing is enabled on Angular and there is a rewrite rule in web.config to direct all traffic to index.html
    - MVC is not installed (only razor pages)
    - Authentication happens using Forms Authentication and related cookies

    I have just added the Helicon IIS plugin to have .htaccess password protected for our development server (it's a mess to do it with IIS alone) but I have a basic problem.

    After I input the basic auth credentials, I will get a redirect to /login.aspx?ReturnUrl= and although I'm not sure who is responsible for this (IIS or Helicon plugin), it will match one of my AngularJS routes and result in an error.

    How can I stop this redirect from happening?

    My web.config authentication bit:

    <authentication mode="Forms">
      <forms protection="All" timeout="15" name=".ASPXAUTH" path="/" requireSSL="false" slidingExpiration="false" cookieless="UseCookies" enableCrossAppRedirects="false" />
    </authentication>
    
  • Sreerag G
    Sreerag G over 10 years
    What would be the most appropriate place to put this? Can you give an actual code sample?
  • Patrick Desjardins
    Patrick Desjardins over 10 years
    This should be placed in Global.asax
  • ewitkows
    ewitkows about 10 years
    This helped me too, but for my site I had to add this code to Application_BeginRequest, not EndRequest. Then I was able to use the code found here in the EndRequest to redirect to an unauthorized page: stackoverflow.com/a/18521035/382214
  • nevermind
    nevermind about 9 years
    Worked for me only in Application_BeginRequest. Also it is possible to use HttpContext.Current instead of sender parameter: HttpContext.Current.Response.SuppressFormsAuthenticationRedirect = true;
  • Elliott Beach
    Elliott Beach over 5 years
    I am editing this answer to say BeginRequest. The previous version had the EndRequest event, which will be executed only after the response headers & content are already sent.