IHttpActionResult - How to use?

Question

I've seen examples of using some of the new IHttpActionResults for OK, NotFound. I haven't seen anything using Unauthorized().

my existing code looks like:

catch (SecurityException ex)
{
    request.CreateResponse(HttpStatusCode.Unauthorized, ex.Message);
}

I'd like to replace it with this:

catch (SecurityException ex)
{
    response = Unauthorized();
}

but I don't see any overload to pass exception details.

Also, what is the IHttpActionResult equivalent of returning a 500 error?

catch (Exception ex)
{
    response = request.CreateErrorResponse(HttpStatusCode.InternalServerError, 
                                           ex.Message);
}

Answer 1

Per the code for ApiController, there are only two overloads for Unauthorized():

/// <summary>
/// Creates an <see cref="UnauthorizedResult"/> (401 Unauthorized) with the specified values.
/// </summary>
/// <param name="challenges">The WWW-Authenticate challenges.</param>
/// <returns>An <see cref="UnauthorizedResult"/> with the specified values.</returns>
protected internal UnauthorizedResult Unauthorized(params AuthenticationHeaderValue[] challenges)
{
    return Unauthorized((IEnumerable<AuthenticationHeaderValue>)challenges);
}

/// <summary>
/// Creates an <see cref="UnauthorizedResult"/> (401 Unauthorized) with the specified values.
/// </summary>
/// <param name="challenges">The WWW-Authenticate challenges.</param>
/// <returns>An <see cref="UnauthorizedResult"/> with the specified values.</returns>
protected internal virtual UnauthorizedResult Unauthorized(IEnumerable<AuthenticationHeaderValue> challenges)
{
    return new UnauthorizedResult(challenges, this);
}

So it looks like you are out of luck, unless you want to make the change yourself (fork your own version of WebAPI or do a pull request to attempt to get it into the main branch).

---

The IHttpActionResult equivalent of returning a 500 error is this:

/// <summary>
/// Creates an <see cref="ExceptionResult"/> (500 Internal Server Error) with the specified exception.
/// </summary>
/// <param name="exception">The exception to include in the error.</param>
/// <returns>An <see cref="ExceptionResult"/> with the specified exception.</returns>
protected internal virtual ExceptionResult InternalServerError(Exception exception)
{
    return new ExceptionResult(exception, this);
}

Answer 2

You can read more about Unathorized() here How do you return status 401 from WebAPI to AngularJS and also include a custom message? If found another way - without throwing an exception and using HttpResponseMessage as return type of your controller , you can do it like this:

return ResponseMessage(Request.CreateErrorResponse(HttpStatusCode.Unauthorized, "I am unauthorized IHttpActionResult custom message!"));

More about ResponseMessage() here http://msdn.microsoft.com/en-us/library/system.web.http.apicontroller.responsemessage%28v=vs.118%29.aspx

Answer 3

This is my solution for a 500 exception with custom message (expanded on from here: https://stackoverflow.com/a/10734690/654708)

Base class for all Web API controllers

public abstract class ApiBaseController : ApiController
{
    protected internal virtual IHttpActionResult InternalServerError(Exception ex, string message = null)
    {
        var customMsg = String.IsNullOrWhiteSpace(message) ? "" : String.Format("Custom error message : {0}. ", message);
        var errorMsg = String.Format("{0}{1}", customMsg, ex);
        return new InternalServerErrorWithMessageResult(errorMsg);
    }
}

public class InternalServerErrorWithMessageResult : IHttpActionResult
{
    private readonly string message;

    public InternalServerErrorWithMessageResult(string message)
    {
        this.message = message;
    }

    public Task<HttpResponseMessage> ExecuteAsync(CancellationToken cancellationToken)
    {
        var response = new HttpResponseMessage(HttpStatusCode.InternalServerError)
                       {
                           Content = new StringContent(message)
                       };
        return Task.FromResult(response);
    }
}

Sample Web API controllers

public class ProductController : ApiBaseController
{
    public IHttpActionResult GetProduct(int id)
    {
        try
        {
            var product = productService.GetProduct(id);
            return Ok(product); // 200 w/ product
        } catch(Exception ex)
        {
           //return InternalServerError(ex); // Uses default InternalServerError
           return InternalServerError(ex, "My custom message here"); // Uses custom InternalServerError
        }
    }    

}