Change login address

Question

I'm developing some Web APIs alongside some MVC controllers and pages with ASP.net MVC 5 and Owin 1.0 . When not logged in, I want user to receive 401 error on Web API requests. Because of this I didn't add <authentication> section in web.config. I approached the goal by adding AuthorizeAttribute:

public static class WebApiConfig
    {
        public static void Register(HttpConfiguration config)
        {
            config.Filters.Add(new AuthorizeAttribute());
        }
    }

and:

 public class FilterConfig
    {
        public static void RegisterGlobalFilters(GlobalFilterCollection filters)
        {
            filters.Add(new AuthorizeAttribute());
        }
    }

It works fine for unauthorized web api request. The problem is with MVC controllers: They are redirected to http://localhost:1234/login.aspx?ReturnUrl=%2f. Is there any way to either change the login address or completely remove it?

Please note: My question is not about Web API since it behaves perfectly returning 401. I want to change behavior of MVC controller to return my desired login page

Answer 1

So if you want to change view (or route) for unauthorized user you should:

1) Check your RouteConfig and exactly default route. By default visual studio sets the default route Home/Index action. Here you can choose your own one;

2) Check your Startup.Auth file, which is a part of Startup partial class in AppStart folder. Here you have all your OWIN authorization middleware setup. One line of code is LoginPath = PathString("~/Account/Login"). This is the place where you can configure behavior of unauthorized request in MVC itself;

3) Check your web.config file just for sure that you do not use old style membership configuration rules

Hope that helps