Update API

WebAPI/Handlers/BasicAuthorizationMiddlewareResultHandler.cs

@@ -0,0 +1,43 @@
+namespace WebAPI.Handlers
+{
+    using Microsoft.AspNetCore.Authorization;
+    using Microsoft.AspNetCore.Authorization.Policy;
+    using Microsoft.AspNetCore.Http;
+    using System.Linq;
+    using System.Threading.Tasks;
+
+    public class BasicAuthorizationMiddlewareResultHandler : IAuthorizationMiddlewareResultHandler
+    {
+        private readonly AuthorizationMiddlewareResultHandler defaultHandler = new();
+
+        public async Task HandleAsync(
+            RequestDelegate next,
+            HttpContext context,
+            AuthorizationPolicy policy,
+            PolicyAuthorizationResult authorizeResult)
+        {
+            // If the authorization was forbidden and the resource had a specific requirement,
+            // provide a custom 404 response.
+            if (authorizeResult.Forbidden
+                && authorizeResult.AuthorizationFailure!.FailedRequirements
+                    .OfType<Show404Requirement>().Any())
+            {
+                // Return a 404 to make it appear as if the resource doesn't exist.
+                context.Response.StatusCode = StatusCodes.Status404NotFound;
+                return;
+            }
+
+            if (string.IsNullOrWhiteSpace(context.Request.Headers["accessToken"]))
+            {
+                context.Response.StatusCode = StatusCodes.Status401Unauthorized;
+                return;
+
+            }
+            // Fall back to the default implementation.
+            //await defaultHandler.HandleAsync(next, context, policy, authorizeResult);
+            await next(context);
+        }
+    }
+
+    public class Show404Requirement : IAuthorizationRequirement { }
+}