Closed Basti-Fantasti closed 4 months ago
The action you called (admin/role1) has [MVCProduces('text/html')]
so you have to call it with accept: text/html
to address it. If you don't put that header in the request, correctly, the server respond with a "Not Found" because such route doesn't exist.
Ah ok thanks for the feedback. I'll try to adjust the sample code to check the different outcomes 👍
Hi,
by checking the JWT samples from the current DMVCFramework v3.4.2 RC1 I've stumbled across an issue:
I analyzed the
jsonwebtoken_livevaliditywindow
example When using the supplied VCL based JWTClient everything works as expected. It's possible to retrieve a token and to call the protected resource.But when calling the same protected endpoint from e.g. HTTPie without logging in and without additional headers, the server sends a
404 Not found
instead of the401 Not Authorized
Also the route seems to be invalid, see here:
I analyzed the request from the VCL App with Wireshark and compared it to the one from HTTPie and found out that the missing header was the
Accept */*
After sending this header information with the request, the correct `401 was shown and the log found the correct route.
Logging in and requesting the endpoint with a valid Bearer Token was also working afterwards.
The Public endpoint at
/public
could be called successfully without any additional headers.