Why doesn't ForbidResult inherit from StatusCodeResult like other result types? #59019
Unanswered
Claudiu2222
asked this question in
Q&A
Replies: 1 comment 1 reply
-
Just guessing here, but the doc comments on
https://source.dot.net/#Microsoft.AspNetCore.Mvc.Core/ForbidResult.cs,12 So the auth library you're using should be setting an appropriate status code for your application. Whereas the other types you listed are just wrappers around setting a specific response status code. |
Beta Was this translation helpful? Give feedback.
1 reply
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
-
I have noticed that while results such as
BadRequestResult
,ConflictResult
,NoContentResult
,NotFoundResult
,OkResult
,UnauthorizedResult
,UnprocessableEntityResult
, andUnsupportedMediaTypeResult
inherit fromStatusCodeResult
, theForbidResult
does not. Instead, it inherits directly fromActionResult
.I believe that due to this inheritance difference, when returning a
ForbidResult
from a controller action, it unexpectedly returns a status code of 200 OK instead of the intended 403 Forbidden status code. The solution for this would be to directly return a new StatusCodeResult obj.I'm particularly curious about why
ForbidResult
behaves differently in this regard. Is this behavior intentional, and if so, what was the rationale behind this design decision?Thank you!
Beta Was this translation helpful? Give feedback.
All reactions