/// <summary>
/// Authenticates the request from the token header (falling back to a cookie only when the
/// header is absent) and then either runs the action as the resolved user, runs it as an
/// anonymous user when the controller or action carries <see cref="AllowAnonymousAttribute"/>,
/// or short-circuits with the unauthorized response.
/// </summary>
/// <param name="actionContext">Context of the action being invoked; its request supplies the token and the dependency scope.</param>
/// <param name="cancellationToken">Not consulted by this filter; it is accepted only to satisfy the filter contract.</param>
/// <param name="continuation">Runs the rest of the pipeline (the action itself).</param>
/// <returns>
/// The continuation's response. When the presented token resolved to a user, the rotated token
/// is attached in the <c>TokenHeaderName</c> response header regardless of the response status.
/// </returns>
public async Task<HttpResponseMessage> ExecuteAuthorizationFilterAsync(HttpActionContext actionContext, CancellationToken cancellationToken, Func<Task<HttpResponseMessage>> continuation)
{
    // Evaluated up front so the decision is made once, before any short-circuit.
    var anonymousAllowed = actionContext.ControllerOrActionMarkedWith<AllowAnonymousAttribute>();

    var request = actionContext.Request;
    if (request == null)
    {
        // Nothing to authenticate against: fail closed.
        return SetUnathorizedResponse(actionContext);
    }

    // Header wins; the cookie is consulted only when the header is missing entirely.
    // NOTE(review): a header that is present but empty therefore never falls back to the cookie.
    IEnumerable<string> rawHeaderValues;
    var presentedToken = request.Headers.TryGetValues(TokenHeaderName, out rawHeaderValues)
        ? rawHeaderValues.FirstOrDefault()
        : GetTokenFromCookie(request);

    User resolvedUser = null;
    string rotatedToken = null;

    if (!String.IsNullOrEmpty(presentedToken))
    {
        var tokenService = request.GetDependencyScope().GetService(typeof(ITokenService)) as ITokenService;
        if (tokenService == null)
        {
            // A token was supplied but cannot be validated: fail closed rather than treat it as anonymous.
            return SetUnathorizedResponse(actionContext);
        }

        resolvedUser = tokenService.GetUser(presentedToken);
        if (resolvedUser != null)
        {
            // Only a token that resolved to a user is rotated; the replacement is handed back below.
            // NOTE(review): a token that arrived via cookie is still rotated and returned only in the
            // response header, not re-issued as a cookie — confirm that is what clients expect.
            rotatedToken = tokenService.RefreshToken(presentedToken);
        }
    }

    if (resolvedUser == null)
    {
        // No token, or a token the service rejected: proceed anonymously only when explicitly allowed.
        if (!anonymousAllowed)
        {
            return SetUnathorizedResponse(actionContext);
        }

        resolvedUser = new User();
    }

    SetUserToEveryContext(actionContext, new SitePrincipal(resolvedUser));

    var response = await continuation();

    // The rotated token is attached even when the action returned an error status.
    if (!string.IsNullOrWhiteSpace(rotatedToken))
    {
        response.Headers.Add(TokenHeaderName, rotatedToken);
    }

    return response;
}