javascript python java c# php android html jquery c++ css ios mysql sql r node.js arrays reactjs c asp.net json ruby-on-rails .net sql-server swift python-3.x objective-c django angular angularjs excel regex pandas ruby iphone ajax linux xml vba asp.net-mvc spring laravel database wordpress typescript string wpf mongodb windows xcode postgresql bash oracle git vb.net amazon-web-services multithreading list firebase flutter eclipse spring-boot dataframe azure react-native algorithm docker macos forms image visual-studio scala powershell function twitter-bootstrap numpy api performance selenium winforms python-2.7 matlab vue.js sqlite apache hibernate entity-framework loops rest shell facebook express android-studio csv linq maven qt swing unit-testing file tensorflow

[ACCEPTED]-How do i send a "forbidden" response in my Web API 2 solution?-asp.net-web-api2

Accepted answer
Score: 11

You can use an HttpResponseMessage like 3 so:

public HttpResponseMessage Get(string id, string securityToken)
{
    var forbidden = true;
    if (forbidden)
    {
        return this.Request.CreateResponse(HttpStatusCode.Forbidden);
    }
    return Ok(userRepository.LoadAll());
}

Using HttpResponseMessage allows you 2 to return OK (an HTTP 200) with content, or 1 an error.

Score: 9

IHttpActionResult:

return StatusCode(HttpStatusCode.Forbidden);

Or:

return Content(HttpStatusCode.Forbidden, "message");

HttpResponseMessage:

return this.Request.CreateErrorResponse(HttpStatusCode.Forbidden, "message");

See this example if you would like a 2 custom controller to have Forbidden() implemented just 1 like BadRequest() or any other response.

https://stackoverflow.com/a/28361376/3850405

Score: 6

Typically you'd do the ValidateToken type call in an 6 ActionFilterAttribute, returning the forbidden at that time, long 5 before the Get method was called on the controller. You'd 4 then apply that attribute to the controller 3 or action method (or register it as a global 2 action filter attribute if you need to authorize 1 ALL calls).

Source: stackoverflow.com

More Related questions

Web Api 2: BadRequest with custom error model

Stop displaying entire stack trace in WebAPI

The inline constraint resolver of type 'DefaultInlineConstraintResolver' was unable to resolve the following inline constraint: 'apiVersion'

Call web api with basic authentication always get 401 unauthorized from IIS

Web Api HTTPPost not accepting int

How to read/parse Content from OkNegotiatedContentResult?

Returning IHttpActionResult vs IEnumerable<Item> vs IQueryable<Item>

Build JSON response in Web API controller

How do you restrict requests so they only work if it is accessed by a specific domain

Getting only the count of odata expand property