HandleUnauthorizedRequest in ASP.Net Web API

Question

I am developing a ASP.Net Web API application and I have used AuthorizeAttribute for the authentication. When the authentication fails, the code that executes is this.

protected override void HandleUnauthorizedRequest(HttpActionContext actionContext)
    {
        HttpContext.Current.Response.AddHeader("AuthenticationStatus", "NotAuthorized");
        actionContext.Response = actionContext.Request.CreateResponse(HttpStatusCode.Forbidden);
        return;
    }

This code results to display a Unauthorized request page from the browser but what I want is to display a custom page which I have designed. How do I do that?

Answer 1

Check this out: http://weblogs.asp.net/jgalloway/archive/2012/03/23/asp-net-web-api-screencast-series-part-6-authorization.aspx

What it basically says, you have to check the result code on the client side, and in case it is 401 (Unauthorized), redirect the user to the custom page you've designed:

$(function () { 
    $("#getCommentsFormsAuth").click(function () { 
        viewModel.comments([]); 
        $.ajax({ url: "/api/comments", 
           accepts: "application/json", 
           cache: false, 
           statusCode: { 
            200: function(data) { 
                viewModel.comments(data); 
            }, 
            401: function(jqXHR, textStatus, errorThrown) { 
                self.location = '/Account/Login/'; 
            } 
        } 
    }); 
  }); 
});