Archive for the ‘ASP .NET MVC’ category

Web Development

April 26, 2016



Returning 401 HTTP Status Code on Authentication Failure in MVC 5 Web API’s

April 15, 2016

Was experiencing a problem that my AJAX requests were not receiving any 401 errors.

Turns out the security pipeline in OWIN and MVC 5 has changed and a custom filter attribute was no longer returning 401 and 403 status codes. Instead it returns a 200 status code and inserting the following information in the header.

X-Responded-JSON: {"status":401,"headers":{"location":"http:\/\/localhost:59540\/Account"}}

As a result JQuery does not detect the error and simply did nothing. Fortunately this great article by Kevin Junghans helped to solve this problem.

After reading this article I discovered the following the OWIN help:

“The LoginPath property informs the middleware that it should change an outgoing 401 Unauthorized status code into a 302 redirection onto the given login path. The current url which generated the 401 is added to the LoginPath as a query string parameter named by the ReturnUrlParameter. Once a request to the LoginPath grants a new SignIn identity, the ReturnUrlParameter value is used to redirect the browser back to the url which caused the original unauthorized status code.

If the LoginPath is null or empty, the middleware will not look for 401 Unauthorized status codes, and it will not redirect automatically when a login occurs.”

Hopefully this saves you the time I spent bumbling around in the deep, dark pit of despair.


Integrating MVC 4, Entity Framework and Castle Windsor

July 29, 2013

This is an MVC 4 project demonstrating how to configure Castle Windsor as a dependency injection container. It also demonstrates the use of the repository pattern with Entity Framework 5.


How to unit test a custom Controller Factory in ASP .NET MVC?

January 25, 2013

Using Inversion of Control (IoC) and Dependency Injection (DI) with MVC is an extremely powerful architecture choice. In the MVC world, this usually means implementing a customized controller factory that hooks in to your DI container and supplies dependencies to your controller classes. Since this controller functionality is no longer standard MVC, it’s a good idea to test its operation. However this is one of the challenges as some of the methods you can override are not public but protected.

Here is my simplified custom controller factory:

    public class CustomControllerFactory : DefaultControllerFactory
        private readonly IWindsorContainer _windsorContainer;

        public CustomControllerFactory(IWindsorContainer windsorContainer)
            _windsorContainer = windsorContainer;

        protected override IController GetControllerInstance(System.Web.Routing.RequestContext requestContext, Type controllerType)
            if (controllerType == null)
                throw new HttpException(404, string.Format("The controller for path '{0}' could not be found.", requestContext.HttpContext.Request.Path));

            if (_windsorContainer.Kernel.HasComponent(controllerType))
                return (IController)_windsorContainer.Resolve(controllerType);

            return base.GetControllerInstance(requestContext, controllerType);

You will notice, I have overridden the GetControllerInstance method in order to hook into my DI container – in this case Castle Windsor. And this is usually something you would want to test, especially if you have additional functionality (such as overrides) built into this method.

So how to test? The short answer: Reflection to the rescue. Invoke the protected method like so:

var method2 = (typeof(WindsorControllerFactory)).GetMethod("GetControllerInstance", BindingFlags.Instance | BindingFlags.NonPublic);


var result2 = method2.Invoke(controllerFactory, new object[] { mockHttp.Request.RequestContext, typeof(HomeController) });

Assert.AreEqual("HomeController", result2.GetType().Name);

Simple and effective, and now you’re able to test your assertions against the output of this method.