public void OnActionExecuting(ActionExecutingContext context) { var definedBasicAuth = _applicationSettings.GetBasicAuth(); if (context.HttpContext.Request.Headers.TryGetValue("Authorization", out StringValues iAuthHeader)) { string authHeader = iAuthHeader[0].ToString(); if (authHeader != null && authHeader.StartsWith("basic", StringComparison.OrdinalIgnoreCase)) { var token = authHeader.Substring("Basic ".Length).Trim(); string credentialstring = Encoding.UTF8.GetString(Convert.FromBase64String(token)); if (credentialstring.Equals(definedBasicAuth.UserName + ":" + definedBasicAuth.Password)) { return; } } } var result = new Response { status = "error", message = "you are not authorized to perform this action" }; context.Result = new ObjectResult(result); }