Search code examples
asp.net-coreasp.net-core-webapiasp.net-core-5.0

ASP.NET Core 5 Web API returns 404 code instead of 401 when the user is unauthenticated

I have a Web API written based on ASP.NET Core 5 framework with Swagger UI.

When the user make an authenticated request to any of the endpoint, I get 404 "like if the framework is redirecting the user to a page that does not exists!" If the framework is automatically redirecting the request due to unauthorized request, I want to change that behavior to instead return 401 JSON response. If not, how can I change the response code from 404 to 401 as JSON response?

Here is how the Startup class look like

public void ConfigureServices(IServiceCollection services)
{
    services.AddControllers();

    services.AddSwaggerGen(swagger =>
    {
        swagger.SwaggerDoc("v1", new OpenApiInfo
        {
            Version = "v1",
            Title = "Student Athlete Wellness Tracker API",
            Description = "API to provide data for the Student Athlete Wellness Trackers",

        });
        swagger.AddSecurityDefinition("basic", new OpenApiSecurityScheme()
        {
            Name = "Authorization",
            Type = SecuritySchemeType.Http,
            Scheme = "basic",
            In = ParameterLocation.Header,
            Description = "Basic Authorization header using the Bearer scheme.",
        });

        swagger.AddSecurityRequirement(new OpenApiSecurityRequirement
        {
            {
                new OpenApiSecurityScheme
                {
                    Reference = new OpenApiReference
                    {
                        Type = ReferenceType.SecurityScheme,
                        Id = "basic"
                    }
                },
                Array.Empty<string>()
            }
        });
    });

    services.AddAuthentication("BasicAuthentication")
            .AddScheme<AuthenticationSchemeOptions, BasicAuthenticationHandler>("BasicAuthentication", null);
}


public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
{
    if (env.IsDevelopment())
    {
        app.UseDeveloperExceptionPage();
    }
    else
    {
        app.UseExceptionHandler("/error");
        app.UseHsts();
    }
    app.UseSwagger();
    app.UseSwaggerUI(c => c.SwaggerEndpoint("/swagger/v1/swagger.json", "Student Athlete Wellness Trackers - v1"));

    app.UseCors(x => x.AllowAnyOrigin().AllowAnyMethod().AllowAnyHeader());

    app.UseHttpsRedirection();

    app.UseRouting();
    app.UseAuthentication();
    app.UseAuthorization();

    app.UseEndpoints(endpoints =>
    {
        endpoints.MapControllers();
    });
}
Solution

  • I run in the same issue.

    I added the second options line and that solved the problem.

    services.AddAuthentication(options =>
            {
                options.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
                options.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
            })

    You can read the official documentation to learn more:https://learn.microsoft.com/en-us/aspnet/core/security/authentication/?view=aspnetcore-5.0

    Example:Web api core returns 404 when adding Authorize attribute