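/// <summary>
/// Authenticates the current request from an HTTP Basic <c>Authorization</c> header.
/// </summary>
/// <remarks>
/// Endpoints that carry <c>IAllowAnonymous</c> metadata are skipped. For all other
/// endpoints the header is parsed, the base64 payload is decoded as UTF-8 and split on the
/// first ':' into user name and password, which are passed to
/// <c>authService.AuthentificateAsync</c>. Basic credentials are only base64-encoded, not
/// encrypted, so this scheme relies on the transport (TLS) for confidentiality.
/// </remarks>
/// <returns>
/// <c>AuthenticateResult.NoResult()</c> for anonymous endpoints; otherwise a successful result
/// whose ticket carries <c>NameIdentifier</c> and <c>Name</c> claims for the user.
/// </returns>
/// <exception cref="UnauthorizedException">
/// The header is missing, is not a well-formed Basic credential, or no user was returned.
/// </exception>
protected override async Task<AuthenticateResult> HandleAuthenticateAsync()
{
    // Endpoints explicitly marked anonymous never require credentials.
    var endpoint = Context.GetEndpoint();
    if (endpoint?.Metadata?.GetMetadata<IAllowAnonymous>() != null)
    {
        return AuthenticateResult.NoResult();
    }

    if (!Request.Headers.ContainsKey("Authorization"))
    {
        throw new UnauthorizedException("Missing Authorization Header");
    }

    string[] credentials = Array.Empty<string>();
    try
    {
        var authHeader = AuthenticationHeaderValue.Parse(Request.Headers["Authorization"]);

        // Only decode the parameter when the client actually used the Basic scheme;
        // other schemes (e.g. a bearer token) must not be interpreted as "user:password".
        if (string.Equals(authHeader.Scheme, "Basic", StringComparison.OrdinalIgnoreCase))
        {
            var credentialBytes = Convert.FromBase64String(authHeader.Parameter);
            credentials = Encoding.UTF8.GetString(credentialBytes).Split(new[] { ':' }, 2);
        }
    }
    catch
    {
        // Deliberately broad: every parse/decode failure maps to the same generic
        // rejection, and the decoded header is never echoed back or logged here.
        throw new UnauthorizedException("Invalid Authorization Header");
    }

    // A payload without ':' splits into a single element. Reject it here instead of
    // letting credentials[1] raise an unhandled IndexOutOfRangeException.
    if (credentials.Length != 2)
    {
        throw new UnauthorizedException("Invalid Authorization Header");
    }

    var user = await authService.AuthentificateAsync(credentials[0], credentials[1]);

    // NOTE(review): the contract of AuthentificateAsync is not visible here. If it can
    // return null for bad credentials, this guard turns a NullReferenceException into a
    // proper rejection; if it already throws, the guard is never hit.
    if (user == null)
    {
        throw new UnauthorizedException("Invalid credentials");
    }

    var claims = new[]
    {
        new Claim(ClaimTypes.NameIdentifier, user.Id.ToString()),
        new Claim(ClaimTypes.Name, user.Name),
    };
    var identity = new ClaimsIdentity(claims, Scheme.Name);
    var principal = new ClaimsPrincipal(identity);
    var ticket = new AuthenticationTicket(principal, Scheme.Name);

    return AuthenticateResult.Success(ticket);
}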