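/// <summary>
/// Validates the JWT carried by <paramref name="request"/> and returns the authenticated principal,
/// optionally restricted to the roles listed in <paramref name="AllowedRoles"/>.
/// </summary>
/// <param name="request">Incoming request; the raw token is extracted from it by <c>GetTokenFromRequest</c>.</param>
/// <param name="AllowedRoles">Roles permitted to call. An empty list means any validated token is accepted.</param>
/// <param name="CallTrace">Trace accumulator that <c>AddThisCaller</c> extends with the current method (presumably for diagnostics).</param>
/// <returns>
/// The validated <see cref="ClaimsPrincipal"/>. Returns <c>null</c> only when the token does not read as a
/// <c>JwtSecurityToken</c>; callers must null-check, because a null principal is not an authenticated one.
/// </returns>
/// <exception cref="ArgumentNullException"><paramref name="AllowedRoles"/> is null.</exception>
/// <exception cref="UnauthorizedAccessException">
/// No token is present, validation yields no principal, the role claim is missing or not an integer,
/// or the caller's role is not in <paramref name="AllowedRoles"/>.
/// </exception>
/// <remarks>
/// Signing key, issuer, audience and lifetime are all validated. <c>ValidateToken</c> throws its own
/// <c>SecurityTokenException</c>-derived exceptions on signature/issuer/audience/expiry failure and
/// <c>ReadToken</c> may throw <c>ArgumentException</c> on malformed input; both are propagated unchanged.
/// </remarks>
public static ClaimsPrincipal Authenticate(HttpRequest request, List<WebApiUserTypesEnum> AllowedRoles, List<string> CallTrace)
{
    if (AllowedRoles is null)
    {
        throw new ArgumentNullException(nameof(AllowedRoles));
    }

    string token = GetTokenFromRequest(request, TodosCosmos.LocalFunctions.AddThisCaller(CallTrace, MethodBase.GetCurrentMethod()));
    if (string.IsNullOrEmpty(token))
    {
        throw new UnauthorizedAccessException();
    }

    var tokenHandler = new JwtSecurityTokenHandler();

    // Kept from the original contract: a token that does not read as a JWT yields null rather than an exception.
    // NOTE(review): this is the only non-throwing failure path in the method; every caller must treat null as "not authenticated".
    if (!(tokenHandler.ReadToken(token) is JwtSecurityToken))
    {
        return null;
    }

    var tokenValidationParameters = new TokenValidationParameters
    {
        // The signing key must match the issuer's key. ASCII encoding is kept so existing tokens keep verifying;
        // note that GetBytes replaces any non-ASCII character in the secret with '?', so the secret must be pure ASCII.
        ValidateIssuerSigningKey = true,
        IssuerSigningKey = new SymmetricSecurityKey(Encoding.ASCII.GetBytes(GlobalData.JWTSecret)),

        // Issuer (iss) and audience (aud) are pinned to fixed strings. These read like placeholder values —
        // confirm they match what the token issuer emits, and consider sourcing them from configuration.
        ValidateIssuer = true,
        ValidIssuer = "ExampleIssuer",
        ValidateAudience = true,
        ValidAudience = "ExampleAudience",

        // Reject expired / not-yet-valid tokens. ClockSkew is left at the Microsoft.IdentityModel default
        // (5 minutes); set ClockSkew = TimeSpan.Zero here for strict expiry.
        ValidateLifetime = true,
    };

    // ValidateToken throws on signature/issuer/audience/lifetime failure; the null check below is defensive.
    var principal = tokenHandler.ValidateToken(token, tokenValidationParameters, out _);
    if (principal is null)
    {
        throw new UnauthorizedAccessException();
    }

    // An empty allow-list means authentication only, with no role restriction.
    if (AllowedRoles.Count == 0)
    {
        return principal;
    }

    // The second argument (10) is passed through unchanged; its meaning is defined by CmdGetValueFromRoleClaim.
    string roleClaimValue = LocalFunctions.CmdGetValueFromRoleClaim(principal.Claims, 10, TodosCosmos.LocalFunctions.AddThisCaller(CallTrace, MethodBase.GetCurrentMethod()));

    // A missing or non-numeric role claim is an authorization failure, not a parse error: fail closed
    // instead of surfacing a FormatException. Invariant culture: the claim is machine-generated, not user text.
    if (!int.TryParse(roleClaimValue, NumberStyles.Integer, CultureInfo.InvariantCulture, out int roleValue))
    {
        throw new UnauthorizedAccessException();
    }

    var userRole = (WebApiUserTypesEnum)roleValue;

    // A value outside the enum's defined members can never match an AllowedRoles entry, so it is rejected here too.
    if (AllowedRoles.Contains(userRole))
    {
        return principal;
    }

    throw new UnauthorizedAccessException();
}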