public Task <HttpResponseMessage> ExecuteActionFilterAsync(HttpActionContext actionContext, CancellationToken cancellationToken, Func <Task <HttpResponseMessage> > continuation) { var attribute = actionContext .ControllerContext .ControllerDescriptor .GetCustomAttributes <GeneralAuthorizeAttribute>() .SingleOrDefault(); if (attribute == null) { return(continuation()); } if (Thread.CurrentPrincipal.Identity.IsAuthenticated) { return(continuation()); } AuthenticationHeaderValue authorization = actionContext.Request.Headers.Authorization; if (authorization != null) { if (authorization.Scheme.Equals("bearer", StringComparison.OrdinalIgnoreCase) && !string.IsNullOrWhiteSpace(authorization.Parameter)) { string token = authorization.Parameter; bool authorized = _authorizer.Authorize(new Guid(token)); if (authorized) { return(continuation()); } } if (authorization.Scheme.Equals("basic", StringComparison.OrdinalIgnoreCase) && !string.IsNullOrWhiteSpace(authorization.Parameter)) { string credentials = authorization.Parameter; Encoding encoding = Encoding.GetEncoding("UTF-8"); string usernamePassword = encoding.GetString(Convert.FromBase64String(credentials)); int seperatorIndex = usernamePassword.IndexOf(':'); string username = usernamePassword.Substring(0, seperatorIndex); string password = usernamePassword.Substring(seperatorIndex + 1); var token = _authorizer.Authorize(username, password); // logic to check if OK return(continuation()); } } //var principal = new GenericPrincipal(new GenericIdentity(username), null); //HandleUnauthorized(actionContext); //return continuation(); return(Task.FromResult(actionContext.Request.CreateErrorResponse( HttpStatusCode.Unauthorized, "Authentication failed."))); }