private HttpResponseMessage ProcessTokenCheck(HttpRequestMessage request) { var config = GlobalConfiguration.Configuration; var controllerSelector = new DefaultHttpControllerSelector(config); var descriptor = controllerSelector.SelectController(request); if (System.Attribute.GetCustomAttributes(descriptor.ControllerType) .FirstOrDefault(attr => attr.TypeId.ToString().Contains(RegistrationRequiredAttribute.Name)) != null) { IEnumerable <string> values; if (!request.Headers.TryGetValues("token", out values) || values.Count() == 0 || string.IsNullOrEmpty(values.ToList()[0])) { return(ToolsBoxResponse.OK(new BasicResponseModel { Message = "Token required", Status = HttpStatusCode.Forbidden })); } var result = TokenProvider.CheckToken(values.ToList()[0]); switch (result) { case TokenProvider.TokenStatus.WrongToken: return(ToolsBoxResponse.OK(new BasicResponseModel { Message = "Wrong token", Status = HttpStatusCode.Forbidden })); case TokenProvider.TokenStatus.Expired: return(ToolsBoxResponse.OK(new BasicResponseModel { Message = "Token expired", Status = HttpStatusCode.Forbidden })); } } return(null); }