2017-07-12 6 views
0

WindowsAzureActiveDirectoryBearerAuthenticationOptions redirect on authentication failed

I have an MVC application that also handles an Alexa skill. Authentication for the Alexa skill is done using WindowsAzureActiveDirectoryBearerAuthentication like this:

app.Use(typeof(AlexaJWTMiddleware));
app.UseWindowsAzureActiveDirectoryBearerAuthentication(
    new WindowsAzureActiveDirectoryBearerAuthenticationOptions
    {
        Tenant = domain,
        TokenValidationParameters = new TokenValidationParameters
        {
            ValidAudience = ConfigurationManager.AppSettings["ida:AppIdUri"]
        },
        AuthenticationType = "OAuth2Bearer",
    });

and then comes the authentication for the MVC part, which is done like this:

app.UseCookieAuthentication(new CookieAuthenticationOptions
{
    // This is NOT ASP.NET Session Timeout (that should be set to same value in web.config)
    // This is the expiration on the cookie that holds the Azure AD token
    ExpireTimeSpan = TimeSpan.FromMinutes(Convert.ToDouble(expirationTimeSpan)),

    // Set SlidingExpiration=true to instruct the middleware to re-issue a new cookie
    // with a new expiration time any time it processes a request which is more than
    // halfway through the expiration window.
    SlidingExpiration = true,

    Provider = new CookieAuthenticationProvider
    {
        // This method is called every time the cookie is authenticated, which
        // is every time a request is made to the web app
        OnValidateIdentity = CookieAuthNotification.OnValidateIdentity
    }
});

app.UseOpenIdConnectAuthentication(
    new OpenIdConnectAuthenticationOptions
    {
        ClientId = clientId,
        Authority = authority,
        UseTokenLifetime = false,
        /*
         * Skipping the Home Realm Discovery Page in Azure AD
         * http://www.cloudidentity.com/blog/2014/11/17/skipping-the-home-realm-discovery-page-in-azure-ad/
         */
        Notifications = new OpenIdConnectAuthenticationNotifications
        {
            RedirectToIdentityProvider = OpenIdConnectNotification.RedirectToIdentityProvider,
            MessageReceived = OpenIdConnectNotification.MessageReceived,
            SecurityTokenReceived = OpenIdConnectNotification.SecurityTokenReceived,
            SecurityTokenValidated = OpenIdConnectNotification.SecurityTokenValidated,
            AuthorizationCodeReceived = OpenIdConnectNotification.AuthorizationCodeReceived,
            AuthenticationFailed = OpenIdConnectNotification.AuthenticationFailed
        },
    });

Everything works fine, but for the Alexa authentication I have no way to perform a custom action in case the authentication fails. I need to return a response to Alexa when that happens, and WindowsAzureActiveDirectoryBearerAuthenticationOptions has nothing similar to the OpenIdConnectAuthenticationNotifications.AuthenticationFailed method. How can I send a custom response to Alexa?

Answer

1

To customize the unauthorized request of the Web API, we can create a custom authorization attribute like below:

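using System.Collections.Generic;
using System.Net;
using System.Net.Http;
using System.Web.Http;
using System.Web.Http.Controllers;

public class CustomAuthorization : AuthorizeAttribute
{
    // Called by AuthorizeAttribute when the request fails authorization;
    // the response set here replaces the default 401 response.
    protected override void HandleUnauthorizedRequest(HttpActionContext actionContext)
    {
        actionContext.Response = new HttpResponseMessage
        {
            StatusCode = HttpStatusCode.Unauthorized,
            Content = new StringContent("You are unauthorized to access this resource!")
        };
    }
}

// Every action on this controller goes through CustomAuthorization first.
[CustomAuthorization]
public class ValuesController : ApiController
{
    public ValuesController()
    {
    }

    // GET api/values
    public IEnumerable<string> Get()
    {
        return new string[] { "value1", "value2" };
    }
}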
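
The attribute approach from the answer above, adapted to the Alexa case in the question. This is an added example, not part of the original answer. The names AlexaAuthorizeAttribute and AlexaController are hypothetical, the JSON body is constructed following the Alexa custom-skill response format, and returning status 200 is an assumption so that Alexa reads the body as a skill response:

```csharp
using System.Net;
using System.Net.Http;
using System.Text;
using System.Web.Http;
using System.Web.Http.Controllers;

// Hypothetical attribute: when the bearer token is missing or was rejected,
// reply with an Alexa-format body instead of a bare 401.
public class AlexaAuthorizeAttribute : AuthorizeAttribute
{
    // Constructed sample body. The LinkAccount card asks the user to link
    // the account again in the Alexa app. The text deliberately says nothing
    // about why token validation failed.
    private const string LinkAccountBody =
        "{\"version\":\"1.0\",\"response\":{" +
        "\"outputSpeech\":{\"type\":\"PlainText\"," +
        "\"text\":\"Please link your account in the Alexa app to use this skill.\"}," +
        "\"card\":{\"type\":\"LinkAccount\"}," +
        "\"shouldEndSession\":true}}";

    // Runs for unauthenticated callers and for callers that fail a
    // Roles/Users restriction; the controller action is never executed.
    protected override void HandleUnauthorizedRequest(HttpActionContext actionContext)
    {
        // Assumption: 200 OK so that the body is treated as a skill response.
        actionContext.Response = new HttpResponseMessage(HttpStatusCode.OK)
        {
            Content = new StringContent(LinkAccountBody, Encoding.UTF8, "application/json")
        };
    }
}

// Hypothetical controller that receives the skill requests.
[AlexaAuthorize]
public class AlexaController : ApiController
{
    // Reached only when the bearer token was validated.
    public IHttpActionResult Post()
    {
        return Ok();
    }
}
```

Apply the attribute only to the controller that serves the skill, so that other API endpoints keep returning 401 to callers without a valid token.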