Ad

What Response Should I Give, If Not Unauthorized?

We are going to let users upload files and we need to be able to protect their files such that only they can access them. In order to do this I am using OWIN app.UseStaticFiles() to handle static file requests. If the request goes to a specific base folder then I check the user's id and verify they have access to the requested folder.

If they don't have access I am returning an Unauthorized response. However, I noticed that in doing so it takes the user to the login page which wasn't what I expected. Obviously this isn't a matter of needing to login, but a matter of they just don't have access and should receive a response stating such.

Should I be giving a different response?

Ad

Answer

You can use a 403 Forbidden error insead

Ad
source: stackoverflow.com
Ad