public HttpResponseMessage Authenticate([FromBody] SystemUser user) { if (user == null) { var ex = new ArgumentNullException("user"); return(Request.CreateResponse(HttpStatusCode.InternalServerError, ex)); } if ((user = SystemUser.Authenticate(user.Username, user.Password)) != null) { var authUser = new SystemUser { Id = user.Id, Username = user.Username, }; authUser.GenerateAuthToken(); ApplicationContext.AddAuthenticatedUser(authUser); return(Request.CreateResponse(HttpStatusCode.OK, authUser)); } else { return(Request.CreateResponse(HttpStatusCode.Forbidden)); } }