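/// <summary>
/// Handles a request that failed the authorization check. When the Authorization header
/// carries a token that <c>TransactionSecurity.IsTokenValid</c> accepts, this method returns
/// without calling the base handler; in every other case it delegates to the base handler.
/// </summary>
/// <param name="actionContext">Context of the action whose request is being authorized.</param>
protected override void HandleUnauthorizedRequest(HttpActionContext actionContext)
        {
            var authorization = actionContext.Request.Headers.Authorization;
            if (authorization == null)
            {
                // No credentials at all: reject.
                base.HandleUnauthorizedRequest(actionContext);
                return;
            }

            // The token is either the Scheme itself (header sent as a bare token) or,
            // when the Scheme is "Bearer", the Parameter.
            // Ordinal comparison: the scheme is a protocol token, not linguistic text.
            string tokenString = authorization.Scheme;
            if (string.Equals(tokenString, "Bearer", System.StringComparison.OrdinalIgnoreCase))
            {
                tokenString = authorization.Parameter;
            }

            // Fail closed: a "Bearer" header with no parameter yields a null token, which is
            // rejected here instead of being handed to the validator.
            // NOTE(review): IsTokenValid is defined elsewhere; confirm it verifies the signature,
            // expiry, issuer and audience rather than only the token's shape.
            if (string.IsNullOrEmpty(tokenString) || !TransactionSecurity.IsTokenValid(tokenString))
            {
                base.HandleUnauthorizedRequest(actionContext);
            }

            // NOTE(review): returning without calling the base handler presumably lets the request
            // continue, so a valid token overrides whatever check led here (for example a role or
            // user restriction on the attribute) - confirm that is intended.
        }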
Exemple #2
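        /// <summary>
        /// Validates the supplied token string and, when it is accepted, parses it into
        /// the <c>token</c> field. An optional leading <c>bearerToken</c> prefix is removed first.
        /// </summary>
        /// <param name="tokenString">Raw token, optionally prefixed with the bearer scheme.</param>
        /// <exception cref="Exception">
        /// Thrown with the message "JWT invalid" when <c>TransactionSecurity.IsTokenValid</c> rejects the token.
        /// </exception>
        private void Init(String tokenString)
        {
            // If no token was provided, do nothing.
            // NOTE(review): `token` is not assigned on this path; callers presumably must treat
            // an unset token as "not authenticated" - verify against the callers.
            if (string.IsNullOrEmpty(tokenString))
            {
                return;
            }

            // Ordinal comparison: a culture-sensitive StartsWith can match a prefix whose
            // character count differs from bearerToken.Length (ignorable characters), which
            // would make the Substring below cut at the wrong offset.
            if (tokenString.StartsWith(bearerToken, StringComparison.OrdinalIgnoreCase))
            {
                tokenString = tokenString.Substring(bearerToken.Length);
            }

            if (!TransactionSecurity.IsTokenValid(tokenString))
            {
                // Exception type kept as-is so existing catch blocks keep working.
                throw new Exception("JWT invalid");
            }

            // ReadJwtToken only parses the string; it performs no signature or lifetime
            // validation, so the IsTokenValid check above is the only gate on trust here.
            var handler = new JwtSecurityTokenHandler();

            token = handler.ReadJwtToken(tokenString);
        }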