I'm passing the suppress redirection key in the header, and using the WebAPI DelegatingHandler to add the header if auth fails.
protected override Task SendAsync(
HttpRequestMessage request, CancellationToken cancellationToken)
{
var requestAuthTokenList = GetRequestAuthTokens(request);
if (ValidAuthorization(requestAuthTokenList))
{
return base.SendAsync(request, cancellationToken);
}
return Task.Factory.StartNew(
() =>
{
var resp = new HttpResponseMessage(HttpStatusCode.Unauthorized)
{
Content = new StringContent("Authorization failed")
};
resp.Headers.Add(SuppressFormsAuthenticationRedirectModule.SuppressFormsHeaderName,"true");
return resp;
});
}
However, this does not seem to have any effect and the response payload shows the following error:
Authorization failed
....html.....Cannot redirect after HTTP headers have been sent.
@Gissues:{"order":50,"status":"notstarted"}