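/// <summary>
/// Authenticates the message, forwards it to the inner handler and post-processes the response.
/// </summary>
/// <param name="request">The current request instance.</param>
/// <param name="cancellationToken">The cancellation token.</param>
/// <returns>
/// The response for the request. When the authentication result carries an explicit
/// return status, the inner handler's response is replaced by a response with that
/// status and the result's error message as its content.
/// </returns>
/// <remarks>
/// A request is authenticated only when it carries an Authorization header whose scheme
/// has a registered handler. Every other request is forwarded unchanged and this method
/// sets no principal for it, so access control still has to be enforced further down the
/// pipeline.
/// </remarks>
protected override async Task<HttpResponseMessage> SendAsync(
    HttpRequestMessage request,
    CancellationToken cancellationToken)
{
    IAuthenticationHandler authenticationHandler = null;
    AuthenticationResult authenticationResult = null;

    // NOTE(review): HTTP authentication scheme names are case-insensitive; confirm that the
    // availability check and the dictionary compare schemes that way, otherwise a differently
    // cased scheme is simply not authenticated here.
    var authorization = request.Headers.Authorization;
    if (authorization != null
        && this.IsAuthenticationHandlerAvailableForScheme(authorization.Scheme))
    {
        authenticationHandler = this.authenticationHandlerDictionary[authorization.Scheme];
        authenticationResult = authenticationHandler.Authenticate(request);
        this.LogAuthenticationResult(authenticationResult);

        // The principal is attached only after a successful authentication.
        if (authenticationResult.IsAuthenticated)
        {
            this.SetPrincipal(request, authenticationResult.Principal);
        }
    }

    // NOTE(review): the inner pipeline runs even when authentication failed; an explicit
    // return status only replaces the response afterwards. Consider returning the error
    // response before this call so rejected requests never reach downstream handlers.
    HttpResponseMessage response = await base.SendAsync(request, cancellationToken);

    // Try to suppress response content when the cancellation token has fired; ASP.NET will
    // log to the Application event log if there's content in this case.
    if (cancellationToken.IsCancellationRequested)
    {
        HttpResponseMessage suppressed = new HttpResponseMessage(response.StatusCode);

        // The discarded response is no longer returned to anyone, so release it here.
        response.Dispose();
        response = suppressed;
    }

    // If the authentication result contains an explicit return status then create the
    // response based on that.
    if (authenticationResult != null && authenticationResult.ReturnStatus.HasValue)
    {
        // StringContent rejects null, so a result without a message yields an empty body
        // instead of an ArgumentNullException that would mask the intended status.
        // NOTE(review): the message is sent to the caller verbatim; confirm handlers never
        // put internal details (stack traces, key or account information) into it.
        HttpResponseMessage overridden = new HttpResponseMessage(authenticationResult.ReturnStatus.Value)
        {
            Content = new StringContent(authenticationResult.ErrorMessage ?? string.Empty),
        };

        response.Dispose();
        response = overridden;
    }

    // The handler sees the final response; the principal passed here comes from the
    // authentication result whether or not authentication succeeded.
    if (authenticationHandler != null)
    {
        authenticationHandler.HandleResponse(request, response, authenticationResult.Principal);
    }

    return response;
}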