protected virtual void AuthorizeRequest(ActionExecutingContext filterContext) { var isAuthorized = false; try { var resourceRequest = new ResourceRequest(new OAuth2Provider.Request.HttpRequest(Request), _serviceLocator); isAuthorized = resourceRequest.Authorize(); TokenData = _serviceLocator.Issuer.DecodeAccessToken(resourceRequest.AccessToken); } catch (OAuthException) { } if (isAuthorized) { return; } throw new UnauthorizedAccessException(); }