Monthly Archives: October 2014

401 vs 403

For years, there’s been an ongoing discussion which HTTP status code to use for “not authorized” scenario – and the original HTTP 1.1 specification wasn’t exactly crystal clear about the distinction between 401 (unauthorized) and 403 (forbidden). But there is … Continue reading

Posted in .NET Security, ASP.NET, Katana, OAuth, OWIN, WebAPI | Leave a comment