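/// <summary>
/// Establishes the identity for the current request, trying each mechanism in turn:
/// the auth-disabled switch, the session cookie, a bearer header (non-browser
/// client-portal backend requests only), a login token, and finally the route's
/// <c>authenticated</c> value.
/// </summary>
/// <param name="sender">Event source; not used.</param>
/// <param name="e">Event data; not used.</param>
protected void Application_AuthenticateRequest(Object sender, EventArgs e)
{
    var context = new HttpContextWrapper(HttpContext.Current);

    // SECURITY: when AuthSettings.EnableAuth is the string "False" (any casing), every
    // request is given the same fixed "Local" principal and no credential is checked.
    // A null, empty or any other value leaves authentication on.
    // NOTE(review): confirm deployed configurations cannot carry EnableAuth=false.
    if (string.Equals(AuthSettings.EnableAuth, bool.FalseString, StringComparison.OrdinalIgnoreCase))
    {
        context.User = new TryWebsitesPrincipal(new TryWebsitesIdentity("*****@*****.**", null, "Local"));
        return;
    }

    if (SecurityManager.TryAuthenticateSessionCookie(context))
    {
        return;
    }

    // Support requests from non-browsers with bearer headers.
    // NOTE(review): IsBrowserRequest() is not visible here; if it is derived from
    // client-supplied headers it selects a code path but is not a trust boundary.
    // The bearer validation itself must carry the security weight - confirm.
    if (context.IsClientPortalBackendRequest() && !context.IsBrowserRequest() && SecurityManager.TryAuthenticateBearer(context))
    {
        return;
    }

    if (SecurityManager.HasToken(context))
    {
        // This is a login
        SecurityManager.AuthenticateRequest(context);
        return;
    }

    var route = RouteTable.Routes.GetRouteData(context);

    // If the route is not registered in the WebAPI RouteTable
    // then it's not an API route, which means it's a resource (*.js, *.css, *.cshtml), not authenticated.
    var requiresAuthentication = false;
    if (route != null)
    {
        // If the route doesn't have authenticated value assume true.
        // Route values are typed as object. Only a boxed `false` opts a route out;
        // a missing value or a value of any other type (for example a string segment)
        // fails closed to "authentication required" instead of throwing on a direct cast.
        var authenticatedFlag = route.Values["authenticated"] as bool?;

        // Routes whose action is "All" are exempt from authentication.
        // NOTE(review): if `action` is bound from the URL the caller chooses it;
        // confirm every "All" action returns only data safe for anonymous callers.
        var action = route.Values["action"];
        var isAllAction = action != null
            && String.Equals(action.ToString(), "All", StringComparison.OrdinalIgnoreCase);

        requiresAuthentication = (authenticatedFlag ?? true) && !isAllAction;
    }

    if (requiresAuthentication)
    {
        SecurityManager.AuthenticateRequest(context);
    }
    else if (context.IsBrowserRequest())
    {
        SecurityManager.HandleAnonymousUser(context);
    }
}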