Mistaken Response Code Detected on MVC AJAX Call

Question

Mistaken Response Code Detected on MVC AJAX Call

When making a request using $.ajax(), I typically do it like this:

$.ajax({
    type: "GET",
    url: myUrl
    success: function(data) {
        $("#replace").html(data)
    },
    error: function (data) {
        console.warn(data);
    }
});

Another way is to attach handlers to the promises of the ajax call:

$.ajax({
    type: "GET",
    url: myUrl
})
.done(function(data, status) {
    console.log(data);
})
.fail(function(data, status) {
    console.warn(status);
});

In both scenarios, the error/fail function is triggered when there's an HTTP status error.

In my ASP.NET MVC project, I want to return the proper HTTP Status Code. This is important from a semantic perspective and for accurate handling on the client side.

Attempt #1 - Following advice provided in this answer, I tried returning a HttpStatusCodeResult like this:

protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
{
    if (filterContext.HttpContext.Request.IsAjaxRequest())
    {
        filterContext.Result = new HttpStatusCodeResult(HttpStatusCode.Unauthorized, accessResult.AccessDeniedMessage);
        filterContext.HttpContext.Response.End();
    }
    else
    {
       base.HandleUnauthorizedRequest(filterContext);
    }
}

Attempt #2 - Alternatively, as suggested in this answer, I attempted returning a JsonResult while setting the Response.StatusCode:

filterContext.HttpContext.Response.StatusCode = (int)HttpStatusCode.Unauthorized;
filterContext.Result = new JsonResult()
{
    Data = new { Error = "Unauthorized User" },
    JsonRequestBehavior = JsonRequestBehavior.AllowGet
};
filterContext.HttpContext.Response.End();

Despite these efforts, the response still indicates 200 OK.

https://i.sstatic.net/jEy2K.png

Questions:

Is it correct that an AJAX response should include an Unauthorized status code?
Do I need to set this value elsewhere as well?
Are there server-level configurations that need adjustment to allow non-200 status codes?

This issue discussed in Always success on ajax post with HttpResponseMessage 401 seems similar but lacks a clear solution at the server side level, resorting instead to accepting the OK error status code and inspecting responses for errors manually.

javascript c#ajax asp.net-mvc http-status-codes

Answer 1

Answer №1

The issue at hand was similar to the one discussed in Always success on ajax post with HttpResponseMessage 401. The response was successfully returned, but it triggered a redirect to a form login page.

<b>X-Responded-JSON</b>: {"status": 401, "headers": {"location":"http:\/\/localhost:50004\/Login?ReturnUrl=%2FClient"}}

While the original question did not propose a server-side solution and focused more on handling errors on the client side, Brock Allen recommended a server-side fix in his article about Using cookie authentication middleware with Web API and 401 response codes:

Typically, when using cookie authentication middleware and encountering a 401 status code on the server (MVC or WebForms), the response is converted into a 302 redirect to the login page indicated by the LoginPath in the CookieAuthenticationOptions. However, this behavior is not ideal for Ajax calls that expect a 401 response without redirection. To address this, you need to customize the action taken upon receiving a 401 unauthorized response by configuring a CookieAuthenticationProvider:
app.UseCookieAuthentication(new CookieAuthenticationOptions
{
   AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
   LoginPath = new PathString("/Account/Login"),
   Provider = new CookieAuthenticationProvider
   {
      OnApplyRedirect = ctx =>
      {
         if (!IsAjaxRequest(ctx.Request))
         {
            ctx.Response.Redirect(ctx.RedirectUri);
         }
     }
   }
});
This snippet specifically handles the OnApplyRedirect event. If the call is not an Ajax request, it redirects; otherwise, it allows the 401 response to be sent back to the caller.

The IsAjaxRequest check used here is borrowed from a helper in the katana project:
private static bool IsAjaxRequest(IOwinRequest request)
{
   IReadableStringCollection query = request.Query;
   if ((query != null) && (query["X-Requested-With"] == "XMLHttpRequest"))
   {
      return true;
   }
   IHeaderDictionary headers = request.Headers;
   return ((headers != null) && (headers["X-Requested-With"] == "XMLHttpRequest"));
}

Answer 2

The issue at hand was similar to the one discussed in Always success on ajax post with HttpResponseMessage 401. The response was successfully returned, but it triggered a redirect to a form login page.

<b>X-Responded-JSON</b>: {"status": 401, "headers": {"location":"http:\/\/localhost:50004\/Login?ReturnUrl=%2FClient"}}

While the original question did not propose a server-side solution and focused more on handling errors on the client side, Brock Allen recommended a server-side fix in his article about Using cookie authentication middleware with Web API and 401 response codes:

Typically, when using cookie authentication middleware and encountering a 401 status code on the server (MVC or WebForms), the response is converted into a 302 redirect to the login page indicated by the LoginPath in the CookieAuthenticationOptions. However, this behavior is not ideal for Ajax calls that expect a 401 response without redirection. To address this, you need to customize the action taken upon receiving a 401 unauthorized response by configuring a CookieAuthenticationProvider:
app.UseCookieAuthentication(new CookieAuthenticationOptions
{
   AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
   LoginPath = new PathString("/Account/Login"),
   Provider = new CookieAuthenticationProvider
   {
      OnApplyRedirect = ctx =>
      {
         if (!IsAjaxRequest(ctx.Request))
         {
            ctx.Response.Redirect(ctx.RedirectUri);
         }
     }
   }
});
This snippet specifically handles the OnApplyRedirect event. If the call is not an Ajax request, it redirects; otherwise, it allows the 401 response to be sent back to the caller.

The IsAjaxRequest check used here is borrowed from a helper in the katana project:
private static bool IsAjaxRequest(IOwinRequest request)
{
   IReadableStringCollection query = request.Query;
   if ((query != null) && (query["X-Requested-With"] == "XMLHttpRequest"))
   {
      return true;
   }
   IHeaderDictionary headers = request.Headers;
   return ((headers != null) && (headers["X-Requested-With"] == "XMLHttpRequest"));
}

Mistaken Response Code Detected on MVC AJAX Call

Questions:

Answer №1

Similar questions

Dealing with null values in Ajax responses with coffeescript

How to Include JavaScript Files in an HTML Document

Dynamic Data Causes Highcharts Date Formatting to Adapt

Error encountered when using Prisma Client in conjunction with Next Auth.js

The issue with modal form submission in Laravel 8 is due to a malfunctioning Ajax code

Utilizing Vue-cli and Three.js to Load STL Files

D3: Ensuring Map is Scaled Correctly and Oriented Correctly

RXJS - distinguishing between values based on multiple keys

Tips for arranging accordion buttons side by side so they all expand into a single element

`A brief disruption in loading the visual style of Google Maps`

Using Vue2: It is recommended to refrain from directly mutating a prop inside a component

Struggling to properly access an object in EJS template engine

Experiencing problems with geolocation feature policy while working with Ionic framework

Alter the URL and CSS upon clicking an element

Using Node.js to Insert Data into MySQL

The customization of a Wordpress theme is causing an issue: the CSS class cannot be

Transforming into a serialized division

SSL and localhost causing CORS Access Denied in IE11 and later versions

Tips for truncating text within a textarea

Transferring a variable from a .jsp file to a .js file