Jhon Duck

Reputation: 377

Return status code with an authorization filter

I want to check if the access token is in the blacklist, and then return Unauthorized.

public class CheckBannedTokenAttribute : Attribute, IAsyncAuthorizationFilter
{
    public Task OnAuthorizationAsync(AuthorizationFilterContext context)
    {
        if (TokenInBlackList("232322323"))
        {
            //context.Result = new HttpStatusCodeResult(HttpStatusCode.Unauthorized);
        }
    }
}

Upvotes: 4

Views: 4493

Answers (3)

Zach J.

Reputation: 214

This will give you the classic "401 Unauthorized" that you expect.

async Task IAsyncAuthorizationFilter.OnAuthorizationAsync(AuthorizationFilterContext context)
{
    ClaimsPrincipal user = context.HttpContext.User;

    if (!user.Identity.IsAuthenticated)
    {
        context.Result = new ChallengeResult();
    }
}

Upvotes: 1

Set

Reputation: 49779

You are right that you need to fill context.Result. Because you want to return 401 Unauthorized as the response, use the built-in UnauthorizedResult class:

if (TokenInBlackList("232322323"))
{
   context.Result = new UnauthorizedResult();
   return Task.CompletedTask;
}

In general, this is the same as new StatusCodeResult(401).

Upvotes: 4
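
A complete filter built around the context.Result = new UnauthorizedResult() approach above, as an added example that is not code from the question or from any of the answers. It assumes the access token arrives as a bearer token in the Authorization header; ITokenBlacklist and InMemoryTokenBlacklist are hypothetical names introduced here to stand in for the asker's TokenInBlackList helper.

```csharp
using System;
using System.Collections.Concurrent;
using System.Net.Http.Headers;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.Mvc.Filters;
using Microsoft.Extensions.DependencyInjection;

// Hypothetical abstraction over the blacklist store (not a framework type).
public interface ITokenBlacklist
{
    Task<bool> ContainsAsync(string token);
}

// Constructed in-memory store for the example; register it as a singleton:
// services.AddSingleton<ITokenBlacklist, InMemoryTokenBlacklist>();
public class InMemoryTokenBlacklist : ITokenBlacklist
{
    private readonly ConcurrentDictionary<string, byte> _banned =
        new ConcurrentDictionary<string, byte>(StringComparer.Ordinal);

    public void Ban(string token) => _banned.TryAdd(token, 0);
    public Task<bool> ContainsAsync(string token) =>
        Task.FromResult(_banned.ContainsKey(token));
}

public class CheckBannedTokenAttribute : Attribute, IAsyncAuthorizationFilter
{
    public async Task OnAuthorizationAsync(AuthorizationFilterContext context)
    {
        // Read the token from the request instead of a hard-coded string.
        string header = context.HttpContext.Request.Headers["Authorization"];
        if (!AuthenticationHeaderValue.TryParse(header, out var value) ||
            !"Bearer".Equals(value.Scheme, StringComparison.OrdinalIgnoreCase) ||
            string.IsNullOrEmpty(value.Parameter))
        {
            return; // No bearer token to check; authentication decides the outcome.
        }

        var blacklist = context.HttpContext.RequestServices
            .GetRequiredService<ITokenBlacklist>();

        if (await blacklist.ContainsAsync(value.Parameter))
        {
            // Setting Result short-circuits the pipeline: the action never runs.
            context.Result = new UnauthorizedResult();
        }
    }
}
```

Apply it as [CheckBannedToken] on a controller or action. The filter only rejects banned tokens; validating the token itself stays with the authentication handler.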

manish

Reputation: 1458

Your code seems all good, simply initialize the Response and return Task:

if (TokenInBlackList("232322323")){
    context.Response = context.Request.CreateResponse(HttpStatusCode.Unauthorized);
    return Task.FromResult<object>(null);
}

Upvotes: -1
