Class ForbiddenObjectResult

Namespace

Cuemon.AspNetCore.Mvc

Assembly

Cuemon.AspNetCore.Mvc.dll

An ObjectResult that when executed will produce a Forbidden (403) response.

public class ForbiddenObjectResult : ObjectResult, IStatusCodeActionResult, IActionResult

Inheritance

object

ActionResult

ObjectResult

ForbiddenObjectResult

Implements

IStatusCodeActionResult

IActionResult

Inherited Members

ObjectResult.ExecuteResultAsync(ActionContext)

ObjectResult.OnFormatting(ActionContext)

ObjectResult.Value

ObjectResult.Formatters

ObjectResult.ContentTypes

ObjectResult.DeclaredType

ObjectResult.StatusCode

ActionResult.ExecuteResult(ActionContext)

Examples

ForbiddenObjectResult is an ObjectResult subclass that returns a 403 Forbidden HTTP response with an optional diagnostic payload. This example creates a first result with an anonymous object containing error and requiredRole fields, then inspects its StatusCode (403) and Value. A second result demonstrates overriding the status code to 404 Not Found to obscure resource existence when security through obscurity is preferred. Console output confirms the status code values and the diagnostic payload content.

using System;
using Cuemon.AspNetCore.Mvc;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.Mvc;

namespace MyApp.Mvc
{
    public class ForbiddenObjectResultExample
    {
        public IActionResult Demonstrate()
        {
            // Return 403 Forbidden with a diagnostic message
            var forbidden = new ForbiddenObjectResult(
                new { error = "Insufficient permissions", requiredRole = "admin" });

            Console.WriteLine($"Status code: {forbidden.StatusCode}");
            Console.WriteLine($"Value: {forbidden.Value}");

            return forbidden;
        }

        public IActionResult DemonstrateWithCustomStatusCode()
        {
            // Return 404 Not Found instead of 403 (to "hide" the resource existence)
            var hidden = new ForbiddenObjectResult(
                "Resource not found.",
                StatusCodes.Status404NotFound);

            Console.WriteLine($"Status code: {hidden.StatusCode}");

            return hidden;
        }
    }
}

Constructors

ForbiddenObjectResult(object, int)

Initializes a new instance of the ForbiddenObjectResult class.

public ForbiddenObjectResult(object value, int statusCode = 403)

Parameters

value object

The value to be returned to the client.

statusCode int

The HTTP status code of the response which has to be in the 400-499 range. Default is 403, but for security reasons you may wish to "hide" this with another, e.g., 400, 404 or whatever fits your strategy.

Remarks

https://www.rfc-editor.org/rfc/rfc9110.html#section-15.5.4