public async Task <bool> FilterAsync(HttpContext ctx) { string authorization = ctx.Request.Headers["Authorization"]; if (string.IsNullOrEmpty(authorization)) { // Not authorized ctx.Response.StatusCode = 403; return(false); } string token = null; if (authorization.StartsWith("Bearer ", StringComparison.OrdinalIgnoreCase)) { token = authorization.Substring("Bearer ".Length).Trim(); } if (string.IsNullOrEmpty(token)) { ctx.Response.StatusCode = 403; return(false); } byte[] secretKey = System.Text.Encoding.UTF8.GetBytes(_secret); string json = Jose.JWT.Decode(token, secretKey); IDictionary <string, string> claims = Newtonsoft.Json.JsonConvert.DeserializeObject <IDictionary <string, string> >(json); if (claims.ContainsKey("sub")) { return(await _repository.IsExistingIdentityAsync(claims["sub"])); } return(false); }