Expected Behavior
When creating a custom authentication handler, the failure message is not returned in the 401 response from Ocelot. I would expect this failure message to be in the response body so that the API consumer could get a hint of why the authentication failed.

The authentication handler

```csharp
using Microsoft.AspNetCore.Authentication;
using Microsoft.Extensions.Logging;
using Microsoft.Extensions.Options;
using System.Text.Encodings.Web;
using System.Threading.Tasks;

public class MyAuthenticationHandler : AuthenticationHandler<AuthenticationSchemeOptions>
{
    public MyAuthenticationHandler(IOptionsMonitor<AuthenticationSchemeOptions> options, ILoggerFactory logger, UrlEncoder encoder, ISystemClock clock)
        : base(options, logger, encoder, clock)
    {
    }

    // Always fails with a fixed message; nothing is awaited, so return a completed task.
    protected override Task<AuthenticateResult> HandleAuthenticateAsync()
    {
        return Task.FromResult(AuthenticateResult.Fail("You shall not pass"));
    }
}
```

The startup configuration

```csharp
public void ConfigureServices(IServiceCollection services)
{
    // Register the custom scheme under the key referenced by the route's AuthenticationProviderKey.
    services.AddAuthentication().AddScheme<AuthenticationSchemeOptions, MyAuthenticationHandler>("MyAuth", null);
    services.AddOcelot(Configuration);
}
```

Route configuration

```json
{
  "DownstreamHostAndPorts": [
    { "Host": "my.api", "Port": 80 }
  ],
  "DownstreamScheme": "http",
  "DownstreamPathTemplate": "/api/v1/Something/1",
  "UpstreamPathTemplate": "/api/v1/Something/1",
  "UpstreamHttpMethod": ["GET"],
  "RouteIsCaseSensitive": false,
  "AuthenticationOptions": {
    "AuthenticationProviderKey": "MyAuth",
    "AllowedScopes": []
  }
}
```

Actual Behavior
The authentication handler is working as expected but I am not able to add anything to the response body when I set the failure message on the

Specifications
Replies: 1 comment
🆗
Step 1
Why not define an anonymous route to check the required auth status?
Please note, an anonymous route always returns the original status code!
Step 2
After checking that authentication is required, obtain a token from the auth-token generation endpoint.
Step 3
Make a request to the upstream of the auth route with the token included.

To convert/transform the body, just use a Delegating Handler ❕ In a handler you can transform both bodies: the request and response ones. Hope it helps!
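The Delegating Handler suggestion from the reply, sketched as an added example (not code from the thread or from the Ocelot project). A DelegatingHandler sits on the downstream call, so this rewrites 401 bodies returned by the downstream service, logs the original detail at the gateway and hands the caller a fixed hint. The class name `AuthFailureBodyHandler` and the JSON payload are assumptions.

```csharp
using System.Net;
using System.Net.Http;
using System.Text;
using System.Text.Json;
using System.Threading;
using System.Threading.Tasks;
using Microsoft.Extensions.Logging;

// Hypothetical handler name; Ocelot runs DelegatingHandlers around the downstream HttpClient call.
public class AuthFailureBodyHandler : DelegatingHandler
{
    private readonly ILogger<AuthFailureBodyHandler> _logger;

    public AuthFailureBodyHandler(ILogger<AuthFailureBodyHandler> logger) => _logger = logger;

    protected override async Task<HttpResponseMessage> SendAsync(
        HttpRequestMessage request, CancellationToken cancellationToken)
    {
        HttpResponseMessage response = await base.SendAsync(request, cancellationToken);
        if (response.StatusCode != HttpStatusCode.Unauthorized)
            return response;

        // Keep the downstream detail in the gateway log rather than echoing it to the caller.
        string detail = response.Content == null
            ? string.Empty
            : await response.Content.ReadAsStringAsync();
        _logger.LogWarning("Downstream 401 for {Uri}: {Detail}", request.RequestUri, detail);

        // Replace the body with a fixed, non-sensitive hint (constructed sample payload).
        string body = JsonSerializer.Serialize(
            new { error = "unauthorized", hint = "Token missing, expired or invalid" });
        response.Content?.Dispose();
        response.Content = new StringContent(body, Encoding.UTF8, "application/json");
        return response;
    }
}

// Registration in Startup.ConfigureServices; `true` applies the handler to every route:
// services.AddOcelot(Configuration).AddDelegatingHandler<AuthFailureBodyHandler>(true);
```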