Update tool call authorization failures to throw an McpException

Author: halter73

src/ModelContextProtocol.AspNetCore/AuthorizationFilterSetup.cs

@@ -78,11 +78,7 @@ private void ConfigureCallToolFilter(McpServerOptions options)
             var authResult = await GetAuthorizationResultAsync(context.User, context.MatchedPrimitive, context.Services, context);
             if (!authResult.Succeeded)
             {
-                return new CallToolResult
-                {
-                    Content = [new TextContentBlock { Text = "Access forbidden: This tool requires authorization." }],
-                    IsError = true
-                };
+                throw new McpException("Access forbidden: This tool requires authorization.", McpErrorCode.InvalidRequest);
             }
 
             context.Items[AuthorizationFilterInvokedKey] = true;

tests/ModelContextProtocol.AspNetCore.Tests/AuthorizeAttributeTests.cs

@@ -35,15 +35,15 @@ public async Task Authorize_Tool_RequiresAuthentication()
         await using var app = await StartServerWithAuth(builder => builder.WithTools<AuthorizationTestTools>());
 
         var client = await ConnectAsync();
-        var result = await client.CallToolAsync(
-            "authorized_tool",
-            new Dictionary<string, object?> { ["message"] = "test" },
-            cancellationToken: TestContext.Current.CancellationToken);
 
-        // Should return error because tool requires authorization but user is anonymous
-        Assert.True(result.IsError ?? false);
-        var content = Assert.Single(result.Content.OfType<TextContentBlock>());
-        Assert.Equal("Access forbidden: This tool requires authorization.", content.Text);
+        var exception = await Assert.ThrowsAsync<McpException>(async () =>
+            await client.CallToolAsync(
+                "authorized_tool",
+                new Dictionary<string, object?> { ["message"] = "test" },
+                cancellationToken: TestContext.Current.CancellationToken));
+
+        Assert.Equal("Request failed (remote): Access forbidden: This tool requires authorization.", exception.Message);
+        Assert.Equal(McpErrorCode.InvalidRequest, exception.ErrorCode);
     }
 
     [Fact]
@@ -100,15 +100,15 @@ public async Task AuthorizeWithRoles_Tool_RequiresAdminRole()
         await using var app = await StartServerWithAuth(builder => builder.WithTools<AuthorizationTestTools>(), "TestUser", "User");
 
         var client = await ConnectAsync();
-        var result = await client.CallToolAsync(
-            "admin_tool",
-            new Dictionary<string, object?> { ["message"] = "test" },
-            cancellationToken: TestContext.Current.CancellationToken);
 
-        // Should return error because tool requires Admin role but user only has User role
-        Assert.True(result.IsError ?? false);
-        var content = Assert.Single(result.Content.OfType<TextContentBlock>());
-        Assert.Equal("Access forbidden: This tool requires authorization.", content.Text);
+        var exception = await Assert.ThrowsAsync<McpException>(async () =>
+            await client.CallToolAsync(
+                "admin_tool",
+                new Dictionary<string, object?> { ["message"] = "test" },
+                cancellationToken: TestContext.Current.CancellationToken));
+
+        Assert.Equal("Request failed (remote): Access forbidden: This tool requires authorization.", exception.Message);
+        Assert.Equal(McpErrorCode.InvalidRequest, exception.ErrorCode);
     }
 
     [Fact]