Although behind-the-scenes it ends up making 2 requests, 1st request sends a normal request which will get rejected with a 401 Unauthorized and if the Server indicates it has the BasicAuthProvider enabled it will resend the request with the HTTP Basic Auth credentials.
我们正在使用打字稿 JsonClient:
https://api.locode.dev/classes/client.JsonServiceClient.html#responseFilter
我们在特定端点上使用基本身份验证,但不想回退到它。有没有办法禁用此后备?
浏览器将自动重新发送失败的 401 基本身份验证,并使用
WWW-Authenticate
HTTP 响应标头进行响应。
您可以重写 OnFailedAuthentication() 以防止它在自定义 AuthProvider 中返回
HttpHeaders.WwwAuthenticate
:
public virtual Task OnFailedAuthentication(IAuthSession session, IRequest httpReq, IResponse httpRes)
{
httpRes.StatusCode = (int)HttpStatusCode.Unauthorized;
httpRes.AddHeader(HttpHeaders.WwwAuthenticate, "{0} realm=\"{1}\"".Fmt(this.Provider, this.AuthRealm));
return HostContext.AppHost.HandleShortCircuitedErrors(httpReq, httpRes, httpReq.Dto);
}