Prevent ASP.NET from redirecting to login.aspx
Solution 1
If you are using ASP.NET 4.5. you can disable forms authentication redirect HttpResponse.SuppressFormsAuthenticationRedirect property.
In Global.asax:
protected void Application_BeginRequest(Object sender, EventArgs e)
{
HttpApplication context = (HttpApplication)sender;
context.Response.SuppressFormsAuthenticationRedirect = true;
}
Solution 2
In summary, i've put this in global.asax
protected void Application_BeginRequest(object sender, EventArgs e)
{
var context = new HttpContextWrapper(Context);
// set flag only if forms auth enabled and request comes from ajax
if (FormsAuthentication.IsEnabled && context.Request.IsAjaxRequest())
{
context.Response.SuppressFormsAuthenticationRedirect = true;
}
}
and for IsAjaxRequest()
used this
public static bool IsAjaxRequest(this HttpRequestBase request)
{
if (request == null)
{
throw new ArgumentNullException("request");
}
var context = HttpContext.Current;
var isCallbackRequest = false;// callback requests are ajax requests
if (context != null && context.CurrentHandler is Page)
{
isCallbackRequest = ((Page)context.CurrentHandler).IsCallback;
}
return isCallbackRequest || request["X-Requested-With"] == "XMLHttpRequest" ||
request.Headers["X-Requested-With"] == "XMLHttpRequest";
}
so for every ajax request forms auth will not be redirect anymore. It's the best solution that i've found.
And optionally, put this in client code, for page reload after receiving 401 error answers.
$(document).ajaxError(function (xhr, props) {
if (props.status === 401) {
location.reload();
}
});
Related videos on Youtube
Sreerag G
Updated on September 15, 2022Comments
-
Sreerag G over 1 year
We have a website that runs fully on AngularJS with an ASP.NET Web API back-end with the following configuration: - HTML5 routing is enabled on Angular and there is a rewrite rule in web.config to direct all traffic to index.html - MVC is not installed (only razor pages) - Authentication happens using Forms Authentication and related cookies
I have just added the Helicon IIS plugin to have .htaccess password protected for our development server (it's a mess to do it with IIS alone) but I have a basic problem.
After I input the basic auth credentials, I will get a redirect to
/login.aspx?ReturnUrl=
and although I'm not sure who is responsible for this (IIS or Helicon plugin), it will match one of my AngularJS routes and result in an error.How can I stop this redirect from happening?
My web.config authentication bit:
<authentication mode="Forms"> <forms protection="All" timeout="15" name=".ASPXAUTH" path="/" requireSSL="false" slidingExpiration="false" cookieless="UseCookies" enableCrossAppRedirects="false" /> </authentication>
-
Sreerag G over 10 yearsWhat would be the most appropriate place to put this? Can you give an actual code sample?
-
Patrick Desjardins over 10 yearsThis should be placed in Global.asax
-
ewitkows about 10 yearsThis helped me too, but for my site I had to add this code to Application_BeginRequest, not EndRequest. Then I was able to use the code found here in the EndRequest to redirect to an unauthorized page: stackoverflow.com/a/18521035/382214
-
nevermind about 9 yearsWorked for me only in
Application_BeginRequest
. Also it is possible to useHttpContext.Current
instead ofsender
parameter:HttpContext.Current.Response.SuppressFormsAuthenticationRedirect = true;
-
Elliott Beach over 5 yearsI am editing this answer to say BeginRequest. The previous version had the EndRequest event, which will be executed only after the response headers & content is already sent.