question

profcegep-2263 avatar image
0 Votes"
profcegep-2263 asked YijingSun-MSFT answered

Dataservice call API but always Response status code does not indicate success: 401 (Unauthorized).

Hello.

I use a DataService from client-side and when I call API it's always Response status code does not indicate success: 401 (Unauthorized)..

But when i call the very same API from the code-behind ( razor.cs) it's works #1.

I think it's related to the thhpcontext. Any suggestion?


My service :

private readonly HttpClient _httpClient;

public StageStatutDataService(HttpClient httpClient)
{
_httpClient = httpClient;
}

public async Task<IEnumerable<StageStatut>> GetAllStageStatuts()
{
return await JsonSerializer.DeserializeAsync<IEnumerable<StageStatut>>
(await _httpClient.GetStreamAsync($"api/stagestatut"), new JsonSerializerOptions() { PropertyNameCaseInsensitive = true });
}

My API :

 [Authorize]
 [ApiController]
 [Route("api/[controller]")]
 public class StageStatutController : ControllerBase
 {
     private readonly IStageStatutRepository _stageStatutRepository;

     public StageStatutController(IStageStatutRepository stageStatutRepository)
     {
         _stageStatutRepository = stageStatutRepository;
     }

     [HttpGet]
     public IActionResult GetAllStageStatuts()
     {
         return Ok(_stageStatutRepository.GetAllStageStatuts());
     }
dotnet-aspnet-general
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

1 Answer

YijingSun-MSFT avatar image
0 Votes"
YijingSun-MSFT answered

Hi @profcegep-2263 ,

As far as I think,The HTTP 401 Unauthorized client error status response code indicates that the request has not been applied because it lacks valid authentication credentials for the target resource.

Web API provides a built-in authorization filter.This filter checks whether the user is authenticated. If not, it returns HTTP status code 401 (Unauthorized), without invoking the action. More details,you could refer to below article.

Globally: To restrict access for every Web API controller, add the AuthorizeAttribute filter to the global filter list:

 public static void Register(HttpConfiguration config)
 {
     config.Filters.Add(new AuthorizeAttribute());
 }

Controller: To restrict access for a specific controller, add the filter as an attribute to the controller:

 // Require authorization for all actions on the controller.
 [Authorize]
 public class ValuesController : ApiController
 {
     public HttpResponseMessage Get(int id) { ... }
     public HttpResponseMessage Post() { ... }
 }

Action: To restrict access for specific actions, add the attribute to the action method.

 public class ValuesController : ApiController
 {
     public HttpResponseMessage Get() { ... }
    
     // Require authorization for a specific action.
     [Authorize]
     public HttpResponseMessage Post() { ... }
 }



If the answer is helpful, please click "Accept Answer" and upvote it.

Note: Please follow the steps in our  documentation  to enable e-mail notifications if you want to receive the related email notification for this thread.

Best regards,
Yijing Sun


5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.