Friday, December 5, 2014

ASP.NET Web API–Return 401 when using OWIN cookie authentication middleware

Wen using the OWIN cookie authentication middleware inside ASP.NET Web API, I noticed that I didn’t got an unauthorized (401) HTTP code when I was not authenticated. Instead the response was a 200 status code with a JSON response body:

{"Message":"Authorization has been denied for this request."}

This is not what I want. To change this you have to reconfigure the CookieAuthenticationProvider on the cookie authentication middleware:

No comments: