internal static HttpServer Create(Func<HttpResponseMessage, string> normalizationCallback = null, Func<HttpRequestMessage, string, bool> verificationCallback = null) { var configuration = new HttpConfiguration(); configuration.Routes.MapHttpRoute( name: "DefaultApi", routeTemplate: "api/{controller}/{id}", defaults: new { id = RouteParameter.Optional } ); Func<string, Credential> callback = (id) => Credentials.FirstOrDefault(c => c.Id == id); var authConfig = new AuthenticationConfiguration() { RequireSsl = false }; authConfig.AddHawkAuthentication(callback, allowBewit: true, normalizationCallback: normalizationCallback, verificationCallback: verificationCallback); configuration.MessageHandlers.Add(new AuthenticationHandler(authConfig)); return new HttpServer(configuration); }