0
votes

I am on an Azure Mobile Services custom API project with custom authentication implemented as described here:
https://azure.microsoft.com/en-us/documentation/articles/mobile-services-dotnet-backend-get-started-custom-authentication/
One of the iOS client developers has raised an issue that consumption of this custom login (not using client libs) is failing, apparently because this 401 response does not conform to the HTTP auth protocol (no authentication challenge header). The proposal here is that 401 should not be used in this scenario, but 403 instead. Can someone elaborate on the problem here and what the best general approach is?
Should the 401 returned be augmented with some additional headers? Why would iOS have trouble with this? I have not confirmed that AMS is not sending the header.

1
Have you added all the files that are used in Azure? - Mihir Oza
And make sure your Azure credentials are correct (AzureServiceAccount, AzureServiceAccountaccessKey, BlobUploadUrl, WebApiUrl). - Mihir Oza
@Mihir. This is unrelated to the problem. - Sentinel

1 Answer

2
votes

HTTP 403 means forbidden, as in we know who you are, but you do not have permission to get or act on this resource. I don't think it's the correct response in your case here.

HTTP 401 is the correct response, but it should have a WWW-Authenticate header in the response to identify the scheme and realm to which the user should authenticate.

You'll need to add this header to your response manually.

response.Headers.WwwAuthenticate.Add(new AuthenticationHeaderValue("Basic",
    "realm=\"" + AuthRealm + "\""));