public override void OnAuthorization(HttpActionContext actionContext)
        {
            bool loggedIn = false;

            //got username + password here in server
            if (actionContext.Request.Headers.Authorization == null)
            {
                actionContext.Response = actionContext.Request.CreateResponse(HttpStatusCode.Forbidden,
                                                                              "You must send user name and password in basic authentication");
                return;
            }
            string authenticationToken        = actionContext.Request.Headers.Authorization.Parameter;
            string decodedAuthenticationToken = Encoding.UTF8.GetString(
                Convert.FromBase64String(authenticationToken));

            string[] usernamePasswordArray = decodedAuthenticationToken.Split(':');
            string   username = usernamePasswordArray[0];
            string   password = usernamePasswordArray[1];

            //search the username and password in the DB (with admin user Facade):
            ILoginToken LoginUser = FlyingCenterSystem.GetFlyingCenterSystemInstance().Login("admin", "9999");
            LoginToken <Administrator>  AdminLoginToken   = (LoginToken <Administrator>)LoginUser;
            LoggedInAdministratorFacade AdminLoginIFacade = (LoggedInAdministratorFacade)FlyingCenterSystem.GetFlyingCenterSystemInstance().GetFacade(AdminLoginToken);
            IList <AirlineCompany>      airlineCompanies  = new List <AirlineCompany>();

            airlineCompanies = AdminLoginIFacade.GetAllAirLineCompanies();

            //Add the request to the table in DB:
            AdminLoginIFacade.AddRequestToTableInDB(AdminLoginToken, username);

            if (!AdminLoginIFacade.IsUserBlocked(AdminLoginToken, username))
            {
                foreach (AirlineCompany alc in airlineCompanies)
                {
                    if (username == alc.UserName && password == alc.Password)
                    {
                        loggedIn = true;

                        //create loginToken for AirlineCompany
                        ILoginToken AirlineUserLoginToken = FlyingCenterSystem.GetFlyingCenterSystemInstance().Login(username, password);
                        actionContext.Request.Properties["login-airline-company"]       = alc;
                        actionContext.Request.Properties["airline-company-login-token"] = AirlineUserLoginToken;
                    }
                    if (username == alc.UserName && password != alc.Password)
                    {
                        loggedIn = true;

                        //Add the request to the table in DB:
                        AdminLoginIFacade.AddRequestToTableInDB(AdminLoginToken, username);
                        //if times of login from the same user more than 3 - block the user:
                        AdminLoginIFacade.CheckIfBlockUser(AdminLoginToken, username);

                        string answerWrongpassword = "******";
                        if (AdminLoginIFacade.IsUserBlocked(AdminLoginToken, username))
                        {
                            answerWrongpassword += " Your user was blocked.";
                        }

                        actionContext.Response = actionContext.Request.CreateResponse(HttpStatusCode.Unauthorized,
                                                                                      answerWrongpassword);
                    }
                }
                if (!loggedIn)
                {
                    //stops the request - will not arrive to web api controller
                    actionContext.Response = actionContext.Request.CreateResponse(HttpStatusCode.Unauthorized,
                                                                                  "You are not authorized. Your Username is not registered.");
                }
            }
            else
            {
                actionContext.Response = actionContext.Request.CreateResponse(HttpStatusCode.Unauthorized,
                                                                              "You are not authorized. Your user was blocked.");
            }
        }