public async Task InvokeAsync(HttpContext context, RequestDelegate next)
        {
            string ipaddress = "127.0.0.1";

            if (context.Connection.RemoteIpAddress != null)
            {
                ipaddress = context.Connection.RemoteIpAddress.ToString();
            }
            _session.SetString("LoginUserID", "0");
            _session.SetString("LoginRemoteIpAddress", ipaddress);
            _session.SetString("LoginTypeParam", "1");

            TokenData _tokenData   = null;
            var       access_token = "";
            var       hdtoken      = context.Request.Headers["Authorization"];

            if (hdtoken.Count > 0)
            {
                access_token = hdtoken[0];
                access_token = access_token.Replace("Bearer ", "");
                var handler = new JwtSecurityTokenHandler();
                var tokenS  = handler.ReadToken(access_token) as JwtSecurityToken;
                _tokenData = Globalfunction.GetTokenData(tokenS);
            }
            else
            {
                //TODO for some
                var      pathstr = context.Request.Path.ToString();
                string[] patharr = pathstr.Split('/');
                //int prequest = Array.IndexOf(patharr, "public");
                int prequest = Array.IndexOf(patharr, "api");

                if (prequest > 0)
                {
                    await next(context);
                }
                else
                {
                    await ResponseMessage(new { status = "fail", message = "Access Denied" }, context, 400);
                }
            }
            //  _objdb = DB;
            if (!context.Request.Path.Equals(_options.Path, StringComparison.Ordinal))
            {
                // await next(context);
                var methodName = context.Request.Path.ToString().Split("/")[3];
                //Regenerate newtoken for not timeout at running
                string newToken = "";
                try
                {
                    var      pathstr         = context.Request.Path.ToString();
                    string[] patharr         = pathstr.Split('/');
                    int      prequest        = Array.IndexOf(patharr, "public");
                    int      trequest        = Array.IndexOf(patharr, "testapi");
                    int      flowrequest     = Array.IndexOf(patharr, "TLG");
                    int      customerrequest = Array.IndexOf(patharr, "CutomerMobile");

                    if (prequest < 1 && trequest < 1 && flowrequest < 1 && customerrequest < 1)
                    {
                        var handler = new JwtSecurityTokenHandler();

                        var allow = false;

                        var tokenS = handler.ReadToken(access_token) as JwtSecurityToken;


                        //check userlevel permission
                        if (patharr[1].ToString() == "api")
                        {
                            var      isadmin       = false;
                            tbl_role objAdminLevel = null;
                            if (_tokenData.Userlevelid != "")
                            {
                                objAdminLevel = _repository.Role_Repository.GetRolebyid(int.Parse(_tokenData.Userlevelid));
                            }
                            else
                            {
                                isadmin = true;
                            }
                            //var objAdminLevel = _repository.AdminLevel.FindAdminLevel(int.Parse(_tokenData.Userlevelid));

                            if (objAdminLevel != null)
                            {
                                isadmin = objAdminLevel.role_is_admin;
                            }
                            if (isadmin)
                            {
                                allow = true;
                            }
                            else
                            {
                                // string ipaddress = context.Connection.RemoteIpAddress.ToString();
                                // allow = checkURLPermission(_tokenData, patharr[2], patharr[3], ipaddress);
                                string controllername = patharr[2];
                                string functionname   = patharr[3];
                                string ServiceUrl     = controllername + "/" + functionname;
                            }
                        }
                        if (patharr[1].ToString() == "mobile")
                        {
                            allow = true;
                        }

                        if (allow)
                        {
                            // check token expired
                            double   expireTime = Convert.ToDouble(_options.Expiration.TotalMinutes);
                            DateTime issueDate  = _tokenData.TicketExpireDate.AddMinutes(-expireTime);
                            DateTime NowDate    = DateTime.UtcNow;
                            if (issueDate > NowDate || _tokenData.TicketExpireDate < NowDate)
                            {
                                // return "-2";
                                newToken = "-2";
                            }
                            // end of token expired check

                            var now = DateTime.UtcNow;
                            _tokenData.Jti = new DateTimeOffset(now).ToUniversalTime().ToUnixTimeSeconds().ToString();
                            _tokenData.Jti = await _options.NonceGenerator();

                            var claims = Globalfunction.GetClaims(_tokenData);
                            // Create the JWT and write it to a string
                            var jwt = new JwtSecurityToken(
                                issuer: _options.Issuer,
                                audience: _options.Audience,
                                claims: claims,
                                notBefore: now,
                                expires: now.Add(_options.Expiration),
                                signingCredentials: _options.SigningCredentials);
                            var encodedJwt = new JwtSecurityTokenHandler().WriteToken(jwt);
                            //  return encodedJwt;
                            newToken = encodedJwt;
                            _session.SetString("LoginUserID", _tokenData.UserID);
                            _session.SetString("LoginRemoteIpAddress", ipaddress);
                            _session.SetString("LoginTypeParam", "1");
                            if (patharr[1].ToString() == "mobile")
                            {
                                _session.SetString("LoginUserID", _tokenData.UserID);
                                _session.SetString("LoginRemoteIpAddress", ipaddress);
                                _session.SetString("LoginTypeParam", "mobile");
                            }
                        }
                        else
                        {
                            //return "-1";
                            newToken = "-1";
                        }
                    }
                    else
                    {
                        // if request is public, let pass without token.
                        await next(context);
                    }
                }
                catch (Exception ex)
                {
                    Globalfunction.WriteSystemLog(ex.Message);
                }

                if (newToken == "-1")
                {
                    _repository.EventLog.Info("Not include Authorization Header, Access Denied");
                    context.Response.StatusCode = 400;
                    await ResponseMessage(new { status = "fail", message = "Access Denied" }, context, 400);
                }
                else if (newToken == "-2")
                {
                    context.Response.StatusCode = 400;
                    await ResponseMessage(new { status = "fail", message = "The Token has expired" }, context, 400);
                }
                else if (newToken != "")
                {
                    context.Response.Headers.Add("Access-Control-Expose-Headers", "newToken");
                    context.Response.Headers.Add("newToken", newToken);
                    await next(context);
                }
            }
            else
            {
                // return GenerateToken(context);
                await GenerateToken(context);
            }
        }