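/// <summary>
/// Authenticates the request from the token carried in the Authorization header
/// and, on success, installs the resulting principal.
/// </summary>
/// <remarks>
/// Three outcomes:
/// <list type="bullet">
/// <item>No token present: <c>SetupUnauthenticated()</c> is called and no error result is set.</item>
/// <item>Token rejected (<c>_authorizer.GetTokenInfo</c> returns null): <c>context.ErrorResult</c>
/// is set to an <c>UnauthorizedResult</c> and <c>SetupUnauthenticated()</c> is called.</item>
/// <item>Token accepted: a <c>LodPrincipal</c> built from the token's role and user id is assigned
/// to both <c>Thread.CurrentPrincipal</c> and <c>context.Principal</c>.</item>
/// </list>
/// </remarks>
/// <param name="context">Authentication context for the current request; may be null, which is treated as "no token".</param>
/// <param name="cancellationToken">Not used; the method performs no asynchronous work.</param>
/// <returns>An already-completed task.</returns>
public Task AuthenticateAsync(HttpAuthenticationContext context, CancellationToken cancellationToken)
{
    // NOTE(review): only the header's Parameter is read; its Scheme is never compared,
    // so a token is accepted under whatever scheme the client sends. If the API
    // contract names a single scheme, check Authorization.Scheme before validating.
    var tokenString = context?.Request?.Headers?.Authorization?.Parameter;
    if (string.IsNullOrEmpty(tokenString))
    {
        SetupUnauthenticated();
        return Task.FromResult<object>(null);
    }

    // NOTE(review): the user id and role below are trusted exactly as returned here.
    // Confirm that GetTokenInfo verifies integrity and expiry of the token.
    var tokenInfo = _authorizer.GetTokenInfo(tokenString);
    if (tokenInfo == null)
    {
        // Only assign the error result. The previous code also awaited
        // ErrorResult.ExecuteAsync and discarded the response message it built
        // (never sent, never disposed). Assuming this is the Web API
        // IAuthenticationFilter that the signature matches, the pipeline
        // executes ErrorResult itself once the filter returns.
        // NOTE(review): the challenge list is empty, so this 401 carries no
        // WWW-Authenticate header unless one is added elsewhere (e.g. ChallengeAsync).
        context.ErrorResult = new UnauthorizedResult(new AuthenticationHeaderValue[] { }, context.Request);
        SetupUnauthenticated();
        return Task.FromResult<object>(null);
    }

    var identity = new LodIdentity(tokenInfo.UserId, true);
    var principal = new LodPrincipal(tokenInfo.Role, identity);

    // Both assignments run on the calling thread, before any await.
    Thread.CurrentPrincipal = principal;
    context.Principal = principal;

    // Task.FromResult rather than Task.CompletedTask: SOURCE does not show the
    // target framework, and FromResult is available on older ones as well.
    return Task.FromResult<object>(null);
}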