All the other filter types have base classes that help with implementing them. Authentication filters don't. Particularly for ChallengeAsync, it would be nice to have a virtual method like this:
Task<HttpResponseMessage> ChallengeAsync(HttpResponseMessage response, CancellationToken cancellationToken)
{
}
which handles decorating the action result and checking 401 for you.
Both MVC and Web API could use such a base class.
Task<HttpResponseMessage> ChallengeAsync(HttpResponseMessage response, CancellationToken cancellationToken)
{
}
which handles decorating the action result and checking 401 for you.
Both MVC and Web API could use such a base class.