protected override Task <HttpResponseMessage> SendAsync(HttpRequestMessage request, CancellationToken cancellationToken) { IEnumerable <string> foundValues = null; if (request.Headers.TryGetValues("ECIDataToken", out foundValues)) { var values = foundValues as string[] ?? foundValues.ToArray(); if (values.Length == 1) { string token = values.Single(); if (_oktaProvider.ValidateSession(token)) { return(base.SendAsync(request, cancellationToken)); } } } return(RejectRequest()); }