What HTTP code to use in “Not Authenticated” and “Not authorized” cases?

Question

I read that \"401 Unauthorized\" code must be used when a user:

1. Is not logged, but login is required (\"not authenticated\");
2. Is logged, but his profile d

Answer 1

IIS differentiates these cases with sub-status codes (reference):

• 401 = User is not logged in, but login is required
• 401.1 = The user tried to login but their credentials are not valid.
• 401.3 = The user's credentials are valid but the user is not authorized to see the resource.