How can i override default message Authorization has been denied for this request

Question

How can i change the default response message with a custom one in MVC WebApi?

{ "Message": "Authorization has been denied for this request." }

Thanks in advance

This is my custom ResponseModel

public class DefaultResponseModel<T>
    {
        public string ResponseID { get; private set; }
        public DateTimeOffset ResponseDateTime { get; private set; }
        public string RequestMethod { get; private set; }
        public string IPAddress { get; private set; }
        public T Data { get; set; }

        public DefaultResponseModel(ApiController controller)
        {
            ResponseDateTime = DateTimeOffset.Now;
            RequestMethod = controller.Request.Method.ToString();
            if (controller.Request.Properties.ContainsKey("MS_HttpContext"))
            {
                var ctx = controller.Request.Properties["MS_HttpContext"] as HttpContextBase;
                if (ctx != null)
                {
                    IPAddress = ctx.Request.UserHostAddress;
                }
                else
                {
                    IPAddress = "--";
                }
            }
            ResponseID = controller.Request.Properties.FirstOrDefault(x => x.Key == "RequestID").Value.ToString();
        }
        public DefaultResponseModel(HttpRequestMessage Request)
        {
            ResponseDateTime = DateTimeOffset.Now;
            RequestMethod = Request.Method.ToString();
            if (Request.Properties.ContainsKey("MS_HttpContext"))
            {
                var ctx = Request.Properties["MS_HttpContext"] as HttpContextBase;
                if (ctx != null)
                {
                    IPAddress = ctx.Request.UserHostAddress;
                }
                else
                {
                    IPAddress = "--";
                }
            }
            ResponseID = Request.Properties.FirstOrDefault(x => x.Key == "RequestID").Value.ToString();


        }

I'd like to use it in the authorize code as you said, becouse i generate a ResponseID and i send it to my response model. I want to use the same model for each response.

Answer 1

You would have to create a class that derives from AuthorizeAttribute and override the HandleUnauthorizedRequest method. Something like this in Web API (note: this is not tested):

using System.Net;
using System.Net.Http;
using System.Web.Http;
using System.Web.Http.Controllers;

public class MyAuthorizeAttribute : AuthorizeAttribute
{
    protected override void HandleUnauthorizedRequest(HttpActionContext actionContext)
    {
        actionContext.Response = actionContext.Request.CreateErrorResponse(
            HttpStatusCode.Forbidden, 
            "Custom message goes here");
    }
}

Then wherever you were using AuthorizeAttribute, replace it with MyAuthorizeAttribute instead.

For MVC, you inherit System.Web.Mvc.AuthorizeAttribute instead.

public class MyAuthorizeAttribute : AuthorizeAttribute
{
    protected override void HandleUnauthorizedRequest(AuthorizationContext actionContext)
    {
        actionContext.Result = new HttpStatusCodeResult(
            HttpStatusCode.Forbidden, 
            "Custom message goes here");
    }
}