
Access Denied Errors Returning HTML Instead of JSON? #2614


admin@atlaslabs.io created

I'm having an issue where API REST clients are getting HTML returned (with HTTP 200) for permissions errors instead of JSON, despite the client explicitly stating application/json is accepted. According to the ABP framework documentation at https://docs.abp.io/en/abp/latest/Exception-Handling, I should be receiving only JSON, no?

  • ABP Framework version: v5.1.3
  • UI type: Angular
  • DB provider: EF Core
  • Tiered (MVC) or Identity Server Separated (Angular): no
  • Exception message and stack trace:

    2022-02-18 03:43:30.641 +00:00 [INF] Route matched with {action = "Create", controller = "Incident", area = "", page = ""}. Executing controller action with signature System.Threading.Tasks.Task`1[Atlas.CadHub.Incidents.IncidentDto] CreateAsync(Atlas.CadHub.Incidents.IncidentDto) on controller Atlas.CadHub.Incidents.IncidentAppService (Atlas.CadHub.Application).
    2022-02-18 03:43:31.946 +00:00 [INF] Authorization failed. These requirements were not met: PermissionRequirement: CadHub.Incidents.Create
    2022-02-18 03:43:31.975 +00:00 [WRN] ---------- RemoteServiceErrorInfo ----------
    {
      "code": "Volo.Authorization:010002",
      "message": "Authorization failed! Given policy has not granted: CadHub.Incidents.Create",
      "details": null,
      "data": {
        "PolicyName": "CadHub.Incidents.Create"
      },
      "validationErrors": null
    }

    2022-02-18 03:43:31.976 +00:00 [WRN] Exception of type 'Volo.Abp.Authorization.AbpAuthorizationException' was thrown.
    Volo.Abp.Authorization.AbpAuthorizationException: Exception of type 'Volo.Abp.Authorization.AbpAuthorizationException' was thrown.
       at Microsoft.AspNetCore.Authorization.AbpAuthorizationServiceExtensions.CheckAsync(IAuthorizationService authorizationService, String policyName)
       ...
       at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.

    2022-02-18 03:43:31.979 +00:00 [ERR] Volo.Abp.Authorization.AbpAuthorizationException: Exception of type 'Volo.Abp.Authorization.AbpAuthorizationException' was thrown.
    Volo.Abp.Authorization.AbpAuthorizationException: Exception of type 'Volo.Abp.Authorization.AbpAuthorizationException' was thrown.
       at Microsoft.AspNetCore.Authorization.AbpAuthorizationServiceExtensions.CheckAsync(IAuthorizationService authorizationService, String policyName)
       at Volo.Abp.Application.Services.ApplicationService.CheckPolicyAsync(String policyName)
       at Castle.DynamicProxy.AsyncInterceptorBase.ProceedAsynchronous(IInvocation invocation, IInvocationProceedInfo proceedInfo)
       ...
       at Microsoft.AspNetCore.Mvc.Infrastructure.ActionMethodExecutor.AwaitableObjectResultExecutor.Execute(IActionResultTypeMapper mapper, ObjectMethodExecutor executor, Object controller, Object[] arguments)
       at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.

  • Steps to reproduce the issue:
  1. Set API client Accept header to "application/json"
  2. Attempt API call from client not having appropriate permission

1 Answer(s)
    liangshiwei created
    Support Team Fullstack Developer

    Hi,

    Can you check this? https://github.com/abpframework/abp/issues/5235#issuecomment-727700212

Made with ❤️ on ABP v9.1.0-preview. Updated on November 11, 2024, 11:11