当用户未经身份验证时，ASP.NET Core 5 Web API 返回 404 代码而不是 401

Posted 2023-03-09

【中文标题】当用户未经身份验证时，ASP.NET Core 5 Web API 返回 404 代码而不是 401

【英文标题】：ASP.NET Core 5 Web API returns 404 code instead of 401 when the user is unauthenticated

【发布时间】：2021-11-09 03:18:09

【问题描述】：

我有一个基于 ASP.NET 5 框架和 Swagger UI 编写的 Web API。

当用户向任何端点发出经过身份验证的请求时，我得到 404“就像框架将用户重定向到不存在的页面一样！”如果框架由于未经授权的请求而自动重定向请求，我想更改该行为以返回 401 json 响应。如果没有，如何将响应代码从 404 更改为 401 作为 JSON 响应？

这是 Startup 类的样子

public void ConfigureServices(IServiceCollection services)

    services.AddControllers();

    services.AddSwaggerGen(swagger =>
    
        swagger.SwaggerDoc("v1", new OpenApiInfo
        
            Version = "v1",
            Title = "Student Athlete Wellness Tracker API",
            Description = "API to provide data for the Student Athlete Wellness Trackers",

        );
        swagger.AddSecurityDefinition("basic", new OpenApiSecurityScheme()
        
            Name = "Authorization",
            Type = SecuritySchemeType.Http,
            Scheme = "basic",
            In = ParameterLocation.Header,
            Description = "Basic Authorization header using the Bearer scheme.",
        );

        swagger.AddSecurityRequirement(new OpenApiSecurityRequirement
        
            
                new OpenApiSecurityScheme
                
                    Reference = new OpenApiReference
                    
                        Type = ReferenceType.SecurityScheme,
                        Id = "basic"
                    
                ,
                Array.Empty<string>()
            
        );
    );

    services.AddAuthentication("BasicAuthentication")
            .AddScheme<AuthenticationSchemeOptions, BasicAuthenticationHandler>("BasicAuthentication", null);



public void Configure(IApplicationBuilder app, IWebHostEnvironment env)

    if (env.IsDevelopment())
    
        app.UseDeveloperExceptionPage();
    
    else
    
        app.UseExceptionHandler("/error");
        app.UseHsts();
    
    app.UseSwagger();
    app.UseSwaggerUI(c => c.SwaggerEndpoint("/swagger/v1/swagger.json", "Student Athlete Wellness Trackers - v1"));

    app.UseCors(x => x.AllowAnyOrigin().AllowAnyMethod().AllowAnyHeader());

    app.UseHttpsRedirection();

    app.UseRouting();
    app.UseAuthentication();
    app.UseAuthorization();

    app.UseEndpoints(endpoints =>
    
        endpoints.MapControllers();
    );

【参考方案1】：

为了解决这个问题，我改变了

services.AddAuthentication("BasicAuthentication")
        .AddScheme<AuthenticationSchemeOptions, BasicAuthenticationHandler>("BasicAuthentication", null);

到

services.AddAuthentication(opts =>

    opts.DefaultAuthenticateScheme = "BasicAuthentication";
    opts.DefaultChallengeScheme = "BasicAuthentication";
    opts.DefaultScheme = "BasicAuthentication";
    opts.AddScheme<BasicAuthenticationHandler>("BasicAuthentication", null);
);

【参考方案2】：

我遇到了同样的问题。

我添加了第二个选项行并解决了问题。

services.AddAuthentication(options =>
            
                options.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
                options.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
            )

您可以阅读官方文档了解更多：https://docs.microsoft.com/en-us/aspnet/core/security/authentication/?view=aspnetcore-5.0

例子：Web api core returns 404 when adding Authorize attribute