According to the documentation: https://docs.servicestack.net/auth/authentication-and-authorization#authenticating-with.net-service-clients
Although behind-the-scenes it ends up making 2 requests, 1st request sends a normal request which will get rejected with a 401 Unauthorized and if the Server indicates it has the BasicAuthProvider enabled it will resend the request with the HTTP Basic Auth credentials.
We are using the typescript JsonClient:
https://api.locode.dev/classes/client.JsonServiceClient.html#responseFilter
We are using basic auth but on specific endpoints but do not want to fallback to it. Is there a way to disable this fallback ?
Browsers will automatically resend a failed 401 Basic Authenticate which responds with a WWW-Authenticate HTTP Response header.
You can override OnFailedAuthentication() to prevent it from returning a HttpHeaders.WwwAuthenticate in a custom AuthProvider:
public virtual Task OnFailedAuthentication(IAuthSession session, IRequest httpReq, IResponse httpRes)
{
httpRes.StatusCode = (int)HttpStatusCode.Unauthorized;
httpRes.AddHeader(HttpHeaders.WwwAuthenticate, "{0} realm=\"{1}\"".Fmt(this.Provider, this.AuthRealm));
return HostContext.AppHost.HandleShortCircuitedErrors(httpReq, httpRes, httpReq.Dto);
}