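/// <summary>
/// Authenticates the request from the JWT carried in the "token" request header and,
/// on success, attaches an <c>ApplicationUser</c> built from the token's "Id" and
/// "LoginName" claims to the target controller before running the rest of the pipeline.
/// </summary>
/// <param name="actionContext">Context of the action being authorized; supplies the request headers and the controller.</param>
/// <param name="cancellationToken">Cancellation token supplied by the pipeline. It is not observed by this method.</param>
/// <param name="continuation">Delegate that runs the remainder of the pipeline once the caller is authenticated.</param>
/// <returns>
/// The response produced by <paramref name="continuation"/> when the token is accepted;
/// otherwise an empty 401 Unauthorized response.
/// </returns>
public async Task<HttpResponseMessage> ExecuteAuthorizationFilterAsync(HttpActionContext actionContext, CancellationToken cancellationToken, Func<Task<HttpResponseMessage>> continuation)
{
    IEnumerable<string> headers;
    if (!actionContext.Request.Headers.TryGetValues("token", out headers))
    {
        return new HttpResponseMessage(HttpStatusCode.Unauthorized);
    }

    string loginName;
    int id;
    try
    {
        // Decode once and read both claims from the same result, so the identity
        // cannot be assembled from two separate parses of the header.
        // NOTE(review): this filter trusts whatever JwtTool.Decode returns. Confirm that it
        // verifies the signature and the expiry and rejects unsigned tokens - not visible here.
        var claims = JwtTool.Decode(JwtTool.secret, headers.First());
        loginName = claims["LoginName"].ToString();
        id = (int)claims["Id"];
    }
    catch (Exception)
    {
        // Fail closed: a malformed or tampered token, a missing claim or a claim of the wrong
        // type is an authentication failure. Answer 401 instead of letting the exception
        // escape the filter, and keep the failure detail out of the response.
        return new HttpResponseMessage(HttpStatusCode.Unauthorized);
    }

    var controller = actionContext.ControllerContext.Controller as ApiController;
    if (controller == null)
    {
        // The identity can only be attached to an ApiController. Deny the request rather than
        // dereference null or run the action without an authenticated user.
        return new HttpResponseMessage(HttpStatusCode.Unauthorized);
    }

    controller.User = new ApplicationUser(id, loginName);
    return await continuation();
}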