From 65942bdeeaf6fd393c63f71ecadb46d3b97de0d2 Mon Sep 17 00:00:00 2001
From: Chidozie Ononiwu <chononiw@microsoft.com>
Date: Thu, 19 Feb 2026 17:38:03 -0800
Subject: [PATCH] double WWW-Authenticate response header. Resolve Issue #949

---
 .../src/Areas/Server/Commands/ServiceStartCommand.cs | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)

diff --git a/core/Microsoft.Mcp.Core/src/Areas/Server/Commands/ServiceStartCommand.cs b/core/Microsoft.Mcp.Core/src/Areas/Server/Commands/ServiceStartCommand.cs
index 6cf551bb1c..10a585e326 100644
--- a/core/Microsoft.Mcp.Core/src/Areas/Server/Commands/ServiceStartCommand.cs
+++ b/core/Microsoft.Mcp.Core/src/Areas/Server/Commands/ServiceStartCommand.cs
@@ -483,10 +483,18 @@ private IHost CreateHttpHost(ServiceStartOptions serverOptions)
                         HttpRequest request = context.Request;
                         string resourceMetadataUrl = $"{request.Scheme}://{request.Host}/.well-known/oauth-protected-resource";
 
+                        context.Response.StatusCode = 401;
+
+                        var header = $"Bearer realm=\"{request.Host}\", resource_metadata=\"{resourceMetadataUrl}\"";
+                        if (!string.IsNullOrEmpty(context.Error))
+                            header += $", error=\"{context.Error}\"";
+                        if (!string.IsNullOrEmpty(context.ErrorDescription))
+                            header += $", error_description=\"{context.ErrorDescription}\"";
+                            
                         // Modify the WWW-Authenticate header to include resource_metadata
-                        context.Response.Headers.WWWAuthenticate =
-                            $"Bearer realm=\"{request.Host}\", resource_metadata=\"{resourceMetadataUrl}\"";
+                        context.Response.Headers.WWWAuthenticate = header;
                     }
+                    context.HandleResponse();
                     return Task.CompletedTask;
                 }
             };