protected override Task<HttpResponseMessage> SendAsync(HttpRequestMessage request, CancellationToken cancellationToken) { var credentials = ParseAuthorizationHeader(request); if (credentials != null) { var identity = new BasicAuthenticationIdentity(credentials.Name, credentials.Password); var principal = new GenericPrincipal(identity, null); Thread.CurrentPrincipal = principal; //if (HttpContext.Current != null) // HttpContext.Current.User = principal; } return base.SendAsync(request, cancellationToken) .ContinueWith(task => { var response = task.Result; if (credentials == null && response.StatusCode == HttpStatusCode.Unauthorized) Challenge(request, response); return response; }); }