Request from denied ip get response with StatusCode 200 (OK)

[dteijo]

If client ip address is banned at access control the server sends a response with status code 200 (OK), but the request was not processed and the client didn't get what is expected with status code 200. I believe that a response with status code 403 (Forbidden) is appropriate in this case.

Consider this simple client (local address is denied in server access control).

using System.Text.Json;

var client = new HttpClient();
var request = new HttpRequestMessage(HttpMethod.Get, new Uri("http://127.0.0.1:55500/get-data"));
var response = await client.SendAsync(request);
if (response.IsSuccessStatusCode)
{
    string content = await response.Content.ReadAsStringAsync();
    var deserializedData = JsonSerializer.Deserialize(content, typeof(GetDataResponse));
}

public class GetDataResponse
{
    public int? Id { get; set; }
    public string? Description { get; set; }
    public string? AditionalData { get; set; }
}

It assumes that it can deserialize response since status code is 200, then response is valid json data. But raises an exception instead at deserealization:

System.Text.Json.JsonException: 'The input does not contain any JSON tokens. Expected the input to start with a valid JSON token, when isFinalBlock is true. Path: $ | LineNumber: 0 | BytePositionInLine: 0.'

InnerException JsonReaderException: The input does not contain any JSON tokens. Expected the input to start with a valid JSON token, when isFinalBlock is true. LineNumber: 0 | BytePositionInLine: 0.

[jchristn]

Thanks @dteijo could you try with NuGet v4.2.2.5? https://www.nuget.org/packages/Watson/4.2.2.5

I made sure to set the status to 403 prior to closing. Please let me know if this does it.

[dteijo]

It returns with status code 403 now. Thanks for your prompt response!

[jchristn]

Thanks for bringing it up @dteijo and making the library better!