private string Authorize(HttpActionContext actionContext) { va_errors = string.Empty; string requrl = actionContext.Request.RequestUri.AbsoluteUri; Task <string> content = actionContext.Request.Content.ReadAsStringAsync(); HttpRequestHeaders reqheaders = actionContext.Request.Headers; string resauthorizeKey = ""; IUserSessions _usersession = new UserSessions(); // to get Authorization key from Headers IEnumerable <string> headerlst = new List <string>(); if (reqheaders.TryGetValues("Authorization", out headerlst)) { foreach (string value in headerlst) { resauthorizeKey = value; } } string userId = string.Empty; // If userId is passed as a querystring via URL if (requrl.Contains("userId")) { string[] reqparams = requrl.Split('='); userId = reqparams[1]; } else { // If userId is passed via request body string body = content.Result; // gets request body var results = JsonConvert.DeserializeObject <dynamic>(body); // dynamic means the JSON object can be resolved at run time. if (results.userId != null) { userId = results.userId.ToString(); } else { va_errors = "Missing userId"; return(va_errors); } } if (!string.IsNullOrWhiteSpace(userId)) { int res = 0; if (Int32.TryParse(userId, out res)) { if (!_usersession.isValidUserId(res)) { va_errors = "Invalid UserId."; return(va_errors); } } else { va_errors = "Invalid UserId."; return(va_errors); } if (!string.IsNullOrWhiteSpace(resauthorizeKey)) { if (userId != null) { string DBtoken = _usersession.getAccessToken(res); if (DBtoken == resauthorizeKey) // checks if authorizekey exists in DB and makes sure its equal to passed in header { if (!Utils.VerifyLogintoken(resauthorizeKey)) // chk validity of token { va_errors = "Not authorized [Expired Authorization key]"; return(va_errors); } } else { va_errors = "Invalid Authorization key"; return(va_errors); } } } else { va_errors = "Not authorized [Invalid Authorization key]"; return(va_errors); } } else { va_errors = "Missing userId"; } return(va_errors); }