[Authentication] Return details when user token authentication fails

Authentication/Business/AuthFilter.cs

@@ -1,7 +1,10 @@
 using System.Collections.Generic;
 using System.Linq;
+using System.Net;
+using System.Net.Http;
 using System.Web.Http;
 using System.Web.Http.Controllers;
+using System.Web.Http.Filters;
 using iiie.Logs.DataAccess;
 using iiie.Logs.DBO;
 
@@ -10,7 +13,7 @@ namespace iiie.Authentication.Business
     /// <summary>
     /// Filter for controllers methods
     /// </summary>
-    public class AuthFilter : AuthorizeAttribute
+    public class AuthFilter : ActionFilterAttribute
     {
         /// <summary>
         /// Authorized roles to access this method
@@ -26,27 +29,25 @@ namespace iiie.Authentication.Business
             UserRoles = roles.ToList();
         }
 
-        /// <summary>
-        /// Check if user can access this method
-        /// </summary>
-        /// <param name="context">HTTP request context</param>
-        /// <returns>True if user can access, false otherwise</returns>
-        protected override bool IsAuthorized(HttpActionContext context)
+        public override void OnActionExecuting(HttpActionContext actionContext)
         {
+            base.OnActionExecuting(actionContext);
             if (!UserRoles.Any())
-                return true;
+                return;
+            OpResult<bool> error = null;
             if (UserStorage.BasicUserDbo == null)
             {
-                OpResult<bool>.Error(ResultStatus.PermissionError, "User is not recognized. Missing token?").Log();
-                return false;
+                error = OpResult<bool>.Error(ResultStatus.PermissionError, "User is not recognized. Missing token?", "").Log();
+            }
+            else if (!UserRoles.Contains(UserStorage.BasicUserDbo.Role))
+            {
+                error = OpResult<bool>.Error(ResultStatus.PermissionError, string.Format("User has role {0}, but only {1} are allowed",
+                    UserStorage.BasicUserDbo.Role, string.Join(",", UserRoles.Select(x => x.ToString()))), "Permission denied").Log();
             }
-            if (!UserRoles.Contains(UserStorage.BasicUserDbo.Role))
+            if (error != null)
             {
-                OpResult<bool>.Error(ResultStatus.PermissionError, string.Format("User has role {0}, but only {1} are allowed",
-                    UserStorage.BasicUserDbo.Role, string.Join(",", UserRoles.Select(x => x.ToString())))).Log();
-                return false;
+                actionContext.Response = actionContext.Request.CreateErrorResponse(HttpStatusCode.Unauthorized, error.PublicDetails);
             }
-            return true;
         }
     }
 }