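/// <summary>
/// Web API action-filter hook that authenticates the request from its Authorization header.
/// The header's parameter is treated as a base64-encoded device id: it is decoded, looked up
/// through <c>summonersRepository.ValidateUser</c>, and on success the matching <c>Summoner</c>
/// is installed as <c>HttpContext.Current.User</c>. Every failure — missing header, empty or
/// malformed parameter, unknown device — short-circuits the pipeline with 401 Unauthorized.
/// </summary>
/// <param name="actionContext">Context of the action being executed; its Response is set on failure.</param>
public override void OnActionExecuting(HttpActionContext actionContext)
{
    var authorization = actionContext.Request.Headers.Authorization;

    // Fail closed on a missing header or an empty parameter. Previously an empty parameter
    // reached Convert.FromBase64String and threw, surfacing as a 500 instead of a 401.
    if (authorization == null || string.IsNullOrWhiteSpace(authorization.Parameter))
    {
        actionContext.Response = new System.Net.Http.HttpResponseMessage(HttpStatusCode.Unauthorized);
        return;
    }

    string deviceId;
    try
    {
        // The parameter is base64-encoded, not encrypted: it is an identifier, not a secret.
        deviceId = Encoding.UTF8.GetString(Convert.FromBase64String(authorization.Parameter));
    }
    catch (FormatException)
    {
        // Not valid base64 (untrusted client input): reject rather than let the exception escape.
        actionContext.Response = new System.Net.Http.HttpResponseMessage(HttpStatusCode.Unauthorized);
        return;
    }

    summonersRepository dataLayer = new summonersRepository();
    Summoner summoner = dataLayer.ValidateUser(deviceId);
    if (summoner == null)
    {
        // Unknown device id: not authorized.
        actionContext.Response = new System.Net.Http.HttpResponseMessage(HttpStatusCode.Unauthorized);
        return;
    }

    // NOTE(review): the Authorization scheme is never checked, so any scheme whose parameter
    // decodes to a known device id is accepted — confirm this is intended.
    // NOTE(review): only HttpContext.Current.User is populated here (as in the original); code that
    // reads actionContext.RequestContext.Principal or Thread.CurrentPrincipal will not see this
    // identity — verify against the controllers.
    HttpContext.Current.User = new GenericPrincipal(new ServiceUser(summoner), new string[] { });
    base.OnActionExecuting(actionContext);
}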