ServiceStack 401 authentication prompt in browser

Question

I'm using ServiceStack 3.9.70 on IIS8 - when POSTing invalid user creds to the default authentication provider service at "auth/credentials" a "401 unauthorized" response is returned as expected along with the browser (both chrome and firefox) prompting for "Authentication Required".

This is all in the context of an angularjs app and I'm handling the 401 response accordingly however the browser prompt is quite annoying and I want it gone. How can I prevent the browser from prompting for credentials when a 401 response is returned from my ServiceStack authentication service?

Thanks!

Answer 1

Sometimes a good night sleep makes all the difference. I solved this by simply disabling basic authentication. I made an entry in my web.config but the same change can be made directly in IIS under the site's "Authentication" feature. Now the 401 response can be handled accordingly by my angular app without the browser throwing a prompt.

<system.webServer>
  <security>
     <authentication>
       <basicAuthentication enabled="false" />
     </authentication>
  </security>
</system.webServer>

Answer 2

i think the 401 response is appropriate for standard http status code protocol , similar to the 403 Forbidden response.

if you want to avoid the credential handshake and save bandwidth you can include in the HEAD request on the same resource at each RESTful request you sending.