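/// <summary>
        /// Rejects the request unless its Authorization header carries a token that
        /// <c>tokenManager.ValidateToken</c> accepts, then defers to the base filter.
        /// </summary>
        /// <param name="filterContext">
        /// Action context whose request headers are inspected and whose response is set
        /// when the request is rejected.
        /// </param>
        /// <remarks>
        /// Outcomes: no Authorization header or an empty token gives 403 Forbidden; a token
        /// the validator rejects gives 401 Unauthorized; an exception from the validator
        /// gives 403 Forbidden.
        /// NOTE(review): missing credentials are answered with 403 rather than 401; confirm
        /// that clients and monitoring expect this split.
        /// </remarks>
        public override void OnAuthorization(HttpActionContext filterContext)
        {
            string userName      = string.Empty;
            var    authorization = filterContext.Request.Headers.Authorization;

            // An absent header is an expected case, so test for it directly instead of
            // letting a NullReferenceException fall into the catch-all below.
            if (authorization == null || string.IsNullOrEmpty(authorization.Parameter))
            {
                filterContext.Response = new HttpResponseMessage(HttpStatusCode.Forbidden);
                return;
            }

            // NOTE(review): authorization.Scheme is never compared with an expected value,
            // so the parameter is validated whatever scheme the client sent. Confirm whether
            // a single scheme should be required.
            try
            {
                if (!tokenManager.ValidateToken(authorization.Parameter, out userName))
                {
                    filterContext.Response = new HttpResponseMessage(HttpStatusCode.Unauthorized);
                    return;
                }
            }
            catch (Exception)
            {
                // Fail closed: any error raised while validating denies the request.
                // NOTE(review): the exception is dropped without logging, so validator
                // faults are indistinguishable from missing tokens in this filter.
                filterContext.Response = new HttpResponseMessage(HttpStatusCode.Forbidden);
                return;
            }

            // NOTE(review): userName is not used after validation and no principal is set
            // in this method; verify that the base filter or a later stage establishes the
            // caller's identity.
            base.OnAuthorization(filterContext);
        }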
        /// <summary>
        /// Validates a token and, on success, builds a claims principal for the user name
        /// the validator returned.
        /// </summary>
        /// <param name="token">Token string handed to <c>tokenManager.ValidateToken</c>.</param>
        /// <returns>
        /// A completed task holding a <see cref="ClaimsPrincipal"/> with authentication type
        /// "Jwt" when validation succeeds; a completed task holding <c>null</c> otherwise.
        /// </returns>
        protected Task<IPrincipal> AuthenticateJwtToken(string token)
        {
            string validatedName;
            bool   accepted = tokenManager.ValidateToken(token, out validatedName);

            if (!accepted)
            {
                return Task.FromResult<IPrincipal>(null);
            }

            // NOTE(review): the roles below are fixed literals, so every caller with a valid
            // token becomes both Admin and SuperUser regardless of who they are. Roles should
            // come from the token's own claims or from a per-user lookup (the original comment
            // mentions a database) before any role-based authorization relies on them.
            var grantedClaims = new[]
            {
                new Claim(ClaimTypes.Name, validatedName),
                new Claim(ClaimTypes.Role, "Admin"),
                new Claim(ClaimTypes.Role, "SuperUser")
            };

            // A non-empty authentication type ("Jwt") marks the identity as authenticated.
            var jwtIdentity = new ClaimsIdentity(grantedClaims, "Jwt");

            return Task.FromResult<IPrincipal>(new ClaimsPrincipal(jwtIdentity));
        }