How to return custom message if Authorize fails in WebAPI

Kgn-web picture Kgn-web · Feb 28, 2017 · Viewed 20.7k times · Source

In my WebAPI project, I have number of apis which are decorated with [Authorize] attribute.

[Authorize]
public HttpResponseMessage GetCustomers()
{
   //my api
}

In case user doesn't have the right token, an access denied exception is returned to the user.

But what I need is that in any such case, I need to return the custom response message as.

{
  "StatusCode" : 403,
  "message": "You donot have sufficient permission"
}

How do I return this custom message in case authorization fails.

Please note:

  • I am using Owin - Token based authentication.
  • I am not storing the access token in my database or anywhere else.

Answer

MANISH KUMAR CHOUDHARY picture MANISH KUMAR CHOUDHARY · Feb 28, 2017

There are different ways to do this but one of the best way could be custom authorization attributes.You just need to inherit the AuthorizeAttribute and override HandleUnauthorizedRequest() method of it.

public class CustomAuthorization : AuthorizeAttribute
{
    protected override void HandleUnauthorizedRequest(HttpActionContext actionContext)
    {
        actionContext.Response = new HttpResponseMessage
        {
            StatusCode = HttpStatusCode.Forbidden,
            Content = new StringContent("You are unauthorized to access this resource")
        };
    }
}

and use this like(CustomAuthorization should be used in-place of Authorize)

    [CustomAuthorization]       
    public IHttpActionResult Get()
    {
        return Ok();
    }

Otherwise you can also catch the status code in client side and display the custom message of your choice.