This repository was archived by the owner on Dec 8, 2018. It is now read-only.
This repository was archived by the owner on Dec 8, 2018. It is now read-only.
Passing more than Status Code to the Error action #316
Closed
Description
Currently there is a problem with the way JSON error results are handled e.g.: aspnet/Security#872 and aspnet/Security#699 there is no easy way to pass more than status code to your Error action that shows the error page or JSON result.
Sometimes it would be nice to have a reason in the result e.g. "Insufficient rights, because you are not an employee" or in JSON { "error" : "FORBIDDEN", "requires" : ["EmployeeOnly"] } to show a dialog why you are forbidden to see the page.
But since only thing the error handler gets is the status code it can't determine the extra requirement, claim in this case.
Imagine the situation that you have this:
services.AddAuthorization(opts => {
// ...
opts.AddPolicy("EmployeeOnly", policy => {
policy.AddAuthenticationSchemes(JwtBearerDefaults.AuthenticationScheme);
policy.RequireClaim("EmployeeNumber");
});
});Then this as a Error handler for status code pages:
[HttpGet("/Error"), HttpPost("/Error")]
public IActionResult Error([FromQuery] int status = 400)
{
if (HttpContext.Request.Headers.ContainsKey("Accept") &&
HttpContext.Request.Headers["Accept"].Contains("application/json"))
{
if (status == 403) {
// PROBLEM: There is no way to get the failing reason (e.g. claim "EmployeeOnly") here?
return new JsonResult(new { error = "FORBIDDEN" });
}
else
{
return new JsonResult(new { error = "UNDEFINED_ERROR" });
}
}
// HTML Version if you wish ...
}Metadata
Metadata
Assignees
Labels
No labels