We're building a ServiceStack API which will use Basic authentication. I've currently set up the auth in my AppHost as follows:
var authDb = new OrmLiteConnectionFactory("Server=(...);", true, MySqlDialectProvider.Instance);
var authRepo = new OrmLiteAuthRepository(authDb);
authRepo.CreateMissingTables();
container.Register<ICacheClient>(c => new MemoryCacheClient());
container.Register<IUserAuthRepository>(c => authRepo);
Plugins.Add(
new AuthFeature(() => new AuthUserSession(), new IAuthProvider[] { new BasicAuthProvider() })
);
When doing a request with no Authorization header or the wrong username+pass the response is a redirect to /Account/Login.aspx?ReturnUrl=...
Parital request + response example:
POST http://localhost:60278/reserve HTTP/1.1
HTTP/1.1 302 Found
Location: /Account/Login.aspx?ReturnUrl=%2freserve
X-Powered-By: ServiceStack/3,924 Win32NT/.NET
Is there a way to make it respond with only a HTTP 401 Unauthorized or a HTTP 403 Forbidden ?