/// <summary>
/// Authorizes the current Web API request, letting actions marked with an
/// AllowAnonymous attribute through and rejecting every other request for
/// which <c>AuthorizeRequest</c> returns false.
/// </summary>
/// <param name="actionContext">
/// Context of the action about to run. When it is null the method returns
/// without doing anything.
/// </param>
/// <remarks>
/// A rejected request gets an <c>ErrorList.InvalidToken</c> body and HTTP 400;
/// nothing is thrown and nothing is logged here.
/// </remarks>
public override void OnAuthorization(HttpActionContext actionContext)
{
    if (actionContext == null)
    {
        return;
    }

    // Only attributes on the action itself are consulted. A controller-level
    // AllowAnonymous is not looked at here, so such actions still go through
    // AuthorizeRequest (this fails closed).
    // Both the Web API and the MVC flavour of the attribute are accepted.
    var descriptor = actionContext.ActionDescriptor;
    bool anonymousAllowed =
        descriptor.GetCustomAttributes<System.Web.Http.AllowAnonymousAttribute>().Any()
        || descriptor.GetCustomAttributes<System.Web.Mvc.AllowAnonymousAttribute>().Any();
    if (anonymousAllowed)
    {
        return;
    }

    if (AuthorizeRequest(actionContext))
    {
        return;
    }

    // The rejection is written to the response instead of being thrown as an
    // HTTP exception. In the Web API filter pipeline a non-null Response
    // short-circuits the action (base class is not visible here; confirm).
    // NOTE(review): an authentication failure is reported as 400 Bad Request
    // rather than 401/403; confirm clients and monitoring rely on 400 before
    // changing it.
    // NOTE(review): the failure is not logged (the original logging call was
    // commented out), so rejected tokens leave no audit trail from this method.
    var invalidToken = new ErrorObject(ErrorList.InvalidToken);
    actionContext.Response = actionContext.Response ?? new HttpResponseMessage();

    var rejection = actionContext.Response;
    rejection.StatusCode = HttpStatusCode.BadRequest;
    rejection.Content = invalidToken.ToContent();
}