public override bool OnAuthorizeUser(string userName, string password, HttpActionContext context)
 {
     //TODO: Do database lookup here and validate username and password
     if (userName == "rickybobby" && password == "Password1!")
     {
         BasicAuthenticationIdentity basicIdentity = Thread.CurrentPrincipal.Identity as BasicAuthenticationIdentity;
         if (basicIdentity != null)
         {
             //these could come from your db
             basicIdentity.UserId   = 2;
             basicIdentity.FullName = "Ricky Bobby";
         }
         return(true);
     }
     //username and password did not match
     return(false);
 }
        public override void OnAuthorization(HttpActionContext actionContext)
        {
            BasicAuthenticationIdentity identity = FetchHeader(actionContext);

            if (identity == null)
            {
                ChallengeAuthRequest(actionContext);
                return;
            }
            //TODO: add roles here if I have them
            GenericPrincipal gp = new GenericPrincipal(identity, null);

            Thread.CurrentPrincipal = gp;
            if (!OnAuthorizeUser(identity.UserName, identity.Password, actionContext))
            {
                ChallengeAuthRequest(actionContext);
                return;
            }
            base.OnAuthorization(actionContext);
        }