Use custom handler

pawel-baran-se · pawel-baran-se · commit 76e44d0da2ab · 2025-05-19T14:58:04.000+02:00
diff --git a/mnestix-proxy/Authentication/ApiKeyAuthentication/AuthorizationMiddlewareResultHandler.cs b/mnestix-proxy/Authentication/ApiKeyAuthentication/AuthorizationMiddlewareResultHandler.cs
@@ -0,0 +1,47 @@
+﻿using Microsoft.AspNetCore.Authorization.Policy;
+using Microsoft.AspNetCore.Authorization;
+
+namespace mnestix_proxy.Authentication.ApiKeyAuthentication
+{
+    public class CustomAuthorizationMiddlewareResultHandler : IAuthorizationMiddlewareResultHandler
+    {
+        private readonly AuthorizationMiddlewareResultHandler _defaultHandler = new();
+
+        public async Task HandleAsync(RequestDelegate next, HttpContext context,
+            AuthorizationPolicy policy, PolicyAuthorizationResult authorizeResult)
+        {
+            if (authorizeResult.Forbidden)
+            {
+                context.Response.StatusCode = StatusCodes.Status403Forbidden;
+                context.Response.ContentType = "application/json";
+
+                var message = "Forbidden";
+                if (authorizeResult.AuthorizationFailure?.FailureReasons?.Any() == true)
+                {
+                    message = authorizeResult.AuthorizationFailure.FailureReasons
+                        .Select(r => r.Message)
+                        .FirstOrDefault() ?? message;
+                }
+
+                await context.Response.WriteAsJsonAsync(new { error = message });
+                return;
+            }
+
+            if (authorizeResult.Challenged)
+            {
+                context.Response.StatusCode = StatusCodes.Status401Unauthorized;
+                context.Response.ContentType = "application/json";
+
+                await context.Response.WriteAsJsonAsync(new
+                {
+                    error = "Unauthorized: You must provide valid authentication credentials."
+                });
+                return;
+            }
+
+            // Proceed normally
+            await _defaultHandler.HandleAsync(next, context, policy, authorizeResult);
+        }
+    }
+
+}
diff --git a/mnestix-proxy/Authentication/AuthenticationServicesRegistration.cs b/mnestix-proxy/Authentication/AuthenticationServicesRegistration.cs
@@ -1,6 +1,8 @@
 using Microsoft.AspNetCore.Authentication.JwtBearer;
+using Microsoft.AspNetCore.Authorization;
 using Microsoft.Identity.Web;
 using Microsoft.IdentityModel.Tokens;
+using mnestix_proxy.Authentication.ApiKeyAuthentication;
 
 namespace mnestix_proxy.Authentication;
 
@@ -55,11 +57,7 @@ public static void AddAuthenticationServices(this IServiceCollection services, I
             services.AddMicrosoftIdentityWebApiAuthentication(configuration);
         }
         else {
-            services.AddAuthentication(options =>
-            {
-                options.DefaultAuthenticateScheme = null;
-                options.DefaultChallengeScheme = null;
-            });
+            services.AddSingleton<IAuthorizationMiddlewareResultHandler, CustomAuthorizationMiddlewareResultHandler>();
         }
     }
 }

Original file line number	Diff line number	Diff line change
`@@ -1,6 +1,8 @@`
`1`	`1`	`using Microsoft.AspNetCore.Authentication.JwtBearer;`
	`2`	`+using Microsoft.AspNetCore.Authorization;`
`2`	`3`	`using Microsoft.Identity.Web;`
`3`	`4`	`using Microsoft.IdentityModel.Tokens;`
	`5`	`+using mnestix_proxy.Authentication.ApiKeyAuthentication;`
`4`	`6`
`5`	`7`	`namespace mnestix_proxy.Authentication;`
`6`	`8`
`@@ -55,11 +57,7 @@ public static void AddAuthenticationServices(this IServiceCollection services, I`
`55`	`57`	`services.AddMicrosoftIdentityWebApiAuthentication(configuration);`
`56`	`58`	`}`
`57`	`59`	`else {`
`58`		`- services.AddAuthentication(options =>`
`59`		`- {`
`60`		`- options.DefaultAuthenticateScheme = null;`
`61`		`- options.DefaultChallengeScheme = null;`
`62`		`- });`
	`60`	`+ services.AddSingleton<IAuthorizationMiddlewareResultHandler, CustomAuthorizationMiddlewareResultHandler>();`
`63`	`61`	`}`
`64`	`62`	`}`
`65`	`63`	`}`