ASP.NET Core 6 Web API : custom authentication handler and Angular HttpInterceptor [receive Status code =0 for 401 Unauthorized Response]
I have written a custom authentication handler in .NET Core. The custom handler works fine. If a user is unauthorized, it returns http 401 Unauthorized.
In the UI, I use an Angular HttpInspector to receive the unauthorized response sent from the API.
I faced two problems:
- In the
HttpInspector, I do not receive the status 401, the status code I receive is 0 - For any authenticate user (status code 200 Ok), I do not receive any CORS problem. but for unauthorized response I am getting CORS problem (I also configured the Cors policy in the
program.csfile in ASP.NET Core Web API):
Screenshot of CORS configuration in Program.cs:
Here is the code for custom authentication handler:
public class CustomAuthenticationHandler : AuthenticationHandler<AuthenticationSchemeOptions>
{
string failReason;
// Constructor to initialize base
public CustomAuthenticationHandler(IOptionsMonitor<AuthenticationSchemeOptions> options, ILoggerFactory logger, UrlEncoder encoder, ISystemClock clock) :base(options,logger, encoder, clock)
{
}
protected override async Task<AuthenticateResult> HandleAuthenticateAsync()
{
if (!Request.Headers.ContainsKey("Authorization"))
{
failReason = "Himadri You failed";
return AuthenticateResult.Fail(failReason);
}
string strAuthorization = Request.Headers["Authorization"];
if (string.IsNullOrEmpty(strAuthorization))
{
return AuthenticateResult.Fail("Unauthorized");
}
try
{
var handler = new JwtSecurityTokenHandler();
string token = strAuthorization.Substring("bearer".Length).Trim();
var tokenS = handler.ReadToken(token) as JwtSecurityToken;
//var id = tokenS.Claims.First(claim => claim.Type == "nameid").Value;
var claim = new List<Claim>
{
new Claim(ClaimTypes.Name, "himadri")
};
var identity = new ClaimsIdentity(claim, Scheme.Name);
var principal = new GenericPrincipal(identity, null);
var ticket = new AuthenticationTicket(principal, Scheme.Name);
return AuthenticateResult.Success(ticket);
}
catch (Exception ex)
{
return AuthenticateResult.Fail(ex.Message);
}
}
protected override Task HandleChallengeAsync(AuthenticationProperties properties)
{
//Response.StatusCode = 401;
if (failReason != null)
{
Response.StatusCode = 401;
Response.Headers.Append("access-control-expose-headers", "WWW-Authenticate");
Response.Headers.Append("WWW-Authenticate", failReason);
Response.WriteAsync(failReason);
Response.HttpContext.Features.Get<IHttpResponseFeature>().ReasonPhrase = failReason;
}
return Task.CompletedTask;
}
}
If I call the API from Postman, it shows the status code and header perfectly:
But if call the API from my Angular application [in a HTTPInterceptor], then for unauthenticated user, I get status code = 0 and CORS problem occurs, but for authenticated user data is returned properly, status code = 200 and no CORS problem.
[Please refer to the 1st and 2nd screenshot]
Screenshot of HTTPInterecptor:
What am I missing here? Without receiving proper status code and header, how can I display proper message for unauthenticated/unauthorized users?
How can I receive proper status code and headers in Angular application from .NET Core custom authentication middleware?
Based on OP's confiramtion, putting app.UseCors(); before app.UseAuthentication(); can solved the issue, because CORS middleware should be called before authentication middleware. See middlware order here.
- Elasticsearch curl request not working as expected in Angular 4
- how to show this.variable value in observer callback function in chrome debug mode
- Conditional Styling of an Angular component
- How to get the position after drop with cdkDrag?
- Angular Previous page button getting disabled when the next page button gets clicked
- Angular InjectionToken throws 'No provider for InjectionToken'
- Check for browser optional chaining support in Angular project
- Mixing less and sass files in Angular application
- How can I detect/watch "dirty-status" of an angular2-form in the right way?
- Using Angular Signals with HostBinding to update style?
- Angular2 Animation onDone callback
- How can I use angular-calendar in Angular 17 as a standalone project?
- CDK Virtual Scrolling Issue with maxBufferPx not displaying full list
- Angular 18 - Route to nested components
- Angular TestBed.inject
- @types/google.maps: Cannot find name 'google'
- ESlint Angular - no-unused-vars hits type definition
- PrimeNg Editor is not showing up - Angular
- Angular ng build transpile TypeScript outside of app folders?
- Angular 2 ngSwitchCase, OR operator not working
- Angular Material - How to sort the data for mat-table in the loop
- Can Angular Renderer2 setStyle function operate on an element where the style attribute is not yet defined?
- How to add husky and commitlint to angular project
- How to restrict user from opening the succeeding accordions until the form in current accordion is valid in Angular Material?
- use ngSwitch with on object with conditional attributes in Angular2
- Angular Material - How to display data with the loop in the mat-table
- Unable to Authenticate to DevOps API with Angual MSAL
- Navigation customization
- Printing a HTML template as PDF - Angular 2
- Semantic colors in an Angular Material component