.net Core WebAPI Forbid方法返回状态码500而不是403

我不明白,我的代码有什么问题。

using System;
using Microsoft.AspNetCore.Mvc;

namespace DE.ZA.MobilePickingApp.Controllers {
    [Route("api/[controller]")]
    [ApiController]
    public class UserController : ControllerBase {

        [HttpPost("Login")]
        public ActionResult<Guid> Login([FromBody]string password) {
            if (password == "My Super Safe Password")
                return Ok(new Guid());
            else
                return StatusCode(403);
        }
    }
}

When I replace return StatusCode(403); with return Forbid();, instead of returning HTTP status 403 to the client, it returns status 500. Why is that?

评论