return status code Unauthorized for custom IActionFilter in WebAPI

You are probably best sticking to an exception but using the HttpResponseException which will return an Http status code too.

throw new HttpResponseException(new HttpResponseMessage(HttpStatusCode.Unauthorized));

Good question here about this.

p.s.

It may be simpler/cleaner to implement ActionFilterAttribute

public class AccessActionFilter : ActionFilterAttribute
{
    public override void OnActionExecuting(HttpActionContext actionContext)
    {
        var result = //code to see if they have permission returns either 0 or 1

        if (result==0) 
        {
            throw new HttpResponseException(new HttpResponseMessage(HttpStatusCode.Unauthorized));
        }
        base.OnActionExecuting(actionContext);
    }

}

Instead of throwing exception you can set status code

public class ExecutionFilterAttribute : ActionFilterAttribute
{
    public override void OnActionExecuting(HttpActionContext actionContext)
    {
        var result = 0;//code to see if they have permission returns either 0 or 1

        if (result == 0)
        {
            actionContext.Response = new HttpResponseMessage()
            {
                StatusCode = HttpStatusCode.Unauthorized,
                Content = new StringContent("Unauthorized User")
            };
        }
        base.OnActionExecuting(actionContext);
    }
}

return status code Unauthorized for custom IActionFilter in WebAPI

Tags:

Asp.Net Web Api

Asp.Net Mvc 4

Action Filter

Related

Recent Posts