MSDN explicitly says it should do 401 redirect, but I'm getting a 302 redirect on FF, and this is causing problems in AJAX requests as the returned status is 200 (from the red
I implemented my own custom authorize attribute which inherited from AuthorizeAttribute and ran into the same problem.
Then I found out that since .NET 4.5 there is a solution to this - you can suppress the redirect in the following way:
context.HttpContext.Response.SuppressFormsAuthenticationRedirect = true;
Then the response will be a 401 - Unauthorized, along with the HTTP Basic authentication challenge.
More info here
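An added example, not part of the original answer: one way to place the `SuppressFormsAuthenticationRedirect` call inside a custom attribute so that AJAX callers receive a real status code while browser navigations keep the login redirect. It assumes ASP.NET MVC on .NET 4.5 or later with Forms Authentication; the class name `AjaxAwareAuthorizeAttribute` and the 401/403 split are assumptions of this sketch.

```csharp
using System;
using System.Net;
using System.Web;
using System.Web.Mvc;

// Hypothetical attribute name; use it in place of [Authorize].
[AttributeUsage(AttributeTargets.Class | AttributeTargets.Method, Inherited = true, AllowMultiple = true)]
public class AjaxAwareAuthorizeAttribute : AuthorizeAttribute
{
    protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
    {
        if (filterContext == null)
        {
            throw new ArgumentNullException("filterContext");
        }

        HttpContextBase http = filterContext.HttpContext;

        // Full page loads keep the default behaviour: a 401 that the
        // FormsAuthenticationModule rewrites into a 302 to the login page.
        // IsAjaxRequest() reads the client-supplied X-Requested-With header,
        // so it only selects the response shape; the authorization decision
        // itself was already made in AuthorizeCore.
        if (!http.Request.IsAjaxRequest())
        {
            base.HandleUnauthorizedRequest(filterContext);
            return;
        }

        // Stop Forms Authentication from turning the status code below into
        // a redirect, which XMLHttpRequest would follow and report as 200.
        http.Response.SuppressFormsAuthenticationRedirect = true;

        bool authenticated = http.User != null
            && http.User.Identity != null
            && http.User.Identity.IsAuthenticated;

        // Assumption of this example: an anonymous caller gets 401 (log in),
        // a logged-in caller who lacks the required role or user gets 403.
        filterContext.Result = authenticated
            ? new HttpStatusCodeResult((int)HttpStatusCode.Forbidden)
            : (ActionResult)new HttpUnauthorizedResult();
    }
}
```

Client-side code can then branch on 401 and 403 in its error handler instead of parsing a login page returned with status 200.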