/// <summary>
/// Processes requests that fail authorization.
/// </summary>
/// <param name="actionContext">The context.</param>
/// <exception cref="ArgumentNullException">
/// <paramref name="actionContext"/> is <see langword="null"/>.
/// </exception>
protected override void HandleUnauthorizedRequest(HttpActionContext actionContext)
{
actionContext.AssertNotNull("actionContext");
var principal = actionContext.RequestContext.Principal;
if (principal == null || !principal.Identity.IsAuthenticated)
{
base.HandleUnauthorizedRequest(actionContext);
}
else
{
actionContext.Response = actionContext.ControllerContext.Request.CreateErrorResponse(
HttpStatusCode.Forbidden, InvariantStrings.RequestNotAllowed);
}
}
