I know this is somewhat old question, but to solve this, I decided to use HttpContext.Items in my implementation of IAuthenticationService to put a value with key like AuthenticationException there, and then read that in other middleware or filter.

Note that It may look tempting to use HttpContext.Features.Get<IAuthenticateResultFeature>().AuthenticateResult, but this feature is not set for failed authentications! I've spent several hours debugging this, only to understand that I need to look for another way.