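/// <summary>
/// Authorization filter entry point. Decides, per Web API action, whether the current principal may
/// run the requested action and writes a Warewolf error response when it may not.
/// </summary>
/// <param name="actionContext">The Web API action context; must not be null.</param>
/// <remarks>
/// Outcomes, in order of evaluation:
/// <list type="bullet">
/// <item>ExecutePublicTokenWorkflow / ExecuteLoginWorkflow: no check at all. These actions are the
/// entry points that establish a session or token, so they must perform their own authentication —
/// anything routed to these names bypasses this filter completely.</item>
/// <item>ExecutePublicWorkflow / ExecuteGetRootLevelApisJson with no principal: the request is
/// attributed to <c>GlobalConstants.GenericPrincipal</c> and then goes through the normal
/// authenticated/authorized checks like any other request.</item>
/// <item>Missing or unauthenticated principal: 401 Unauthorized.</item>
/// <item>Authenticated principal that <c>Service.IsAuthorized</c> rejects: 403 Forbidden.</item>
/// </list>
/// Denied requests are not signalled by throwing; this relies on <c>CreateWarewolfErrorResponse</c>
/// setting <c>actionContext.Response</c> so the pipeline short-circuits (NOTE(review): confirm in
/// that helper — if it does not set the response, the action still executes after a denial).
/// </remarks>
public override void OnAuthorization(HttpActionContext actionContext)
{
    VerifyArgument.IsNotNull("actionContext", actionContext);

    var actionName = actionContext.ActionDescriptor.ActionName;
    var user = actionContext.ControllerContext.RequestContext.Principal;

    // Deliberate exemption: the login/token actions have no principal to check yet.
    // Action names are compared ordinally and case-sensitively, so a rename of either
    // controller action silently turns it back into a protected endpoint.
    if (actionName == "ExecutePublicTokenWorkflow" || actionName == "ExecuteLoginWorkflow")
    {
        return;
    }

    // Anonymous callers are only substituted with the generic principal for these two actions.
    // Every other action with a missing principal falls through to the 401 below.
    if (user == null && (actionName == "ExecutePublicWorkflow" || actionName == "ExecuteGetRootLevelApisJson"))
    {
        user = GlobalConstants.GenericPrincipal;
        actionContext.ControllerContext.RequestContext.Principal = user;
    }

    // Explicit null guard: a missing principal on a non-public action is a 401, regardless of
    // whether the IsAuthenticated() extension tolerates a null receiver. Without this, a null
    // principal could surface as a NullReferenceException (a 500) instead of a clean denial.
    if (user == null || !user.IsAuthenticated())
    {
        actionContext.CreateWarewolfErrorResponse(new WarewolfErrorResponseArgs
        {
            StatusCode = HttpStatusCode.Unauthorized,
            Title = GlobalConstants.USER_UNAUTHORIZED,
            Message = ErrorResource.AuthorizationDeniedForThisUser
        });
        return;
    }

    // Authenticated: now check that this principal may perform this particular request.
    var authorizationRequest = GetAuthorizationRequest(actionContext);
    if (!Service.IsAuthorized(authorizationRequest))
    {
        actionContext.CreateWarewolfErrorResponse(new WarewolfErrorResponseArgs
        {
            StatusCode = HttpStatusCode.Forbidden,
            Title = GlobalConstants.USER_FORBIDDEN,
            Message = ErrorResource.AuthorizationDeniedForThisRequest
        });
    }
}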