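// GET: api/Auth
/// <summary>
/// Validates the bearer token presented in the Authorization header and, when
/// <paramref name="refresh"/> is true, issues a replacement JWT for the same user.
/// </summary>
/// <param name="refresh">
/// When true (the default) a freshly signed token is returned in the response body;
/// when false the call only acts as a validity check and an empty 200 OK is returned.
/// </param>
/// <returns>
/// 200 OK whose body is the new token string, or an empty 200 OK when
/// <paramref name="refresh"/> is false.
/// </returns>
/// <exception cref="HttpResponseException">
/// 401 Unauthorized when the header is missing, is not the Bearer scheme, carries an
/// empty token, or the token does not validate.
/// </exception>
public HttpResponseMessage Get(bool refresh = true)
{
    // Only bearer tokens are accepted; any other scheme (or no header at all) is
    // rejected before the token is even looked at.
    var authorization = Request.Headers.Authorization;
    if (authorization == null || !string.Equals(authorization.Scheme, "Bearer", StringComparison.Ordinal))
    {
        throw UnauthorizedException();
    }

    // An empty parameter ("Authorization: Bearer") is rejected up front rather than
    // handed to the validator.
    var authorizationToken = authorization.Parameter;
    if (string.IsNullOrWhiteSpace(authorizationToken))
    {
        throw UnauthorizedException();
    }

    // The helper is the authority on signature/lifetime checks and yields the
    // subject name the replacement token is minted for.
    string username;
    if (!_authenticationHelper.ValidateAuthorizationToken(authorizationToken, out username))
    {
        throw UnauthorizedException();
    }

    // The original had a missing ';' here (return statement followed by a stray
    // empty statement), which did not compile.
    if (!refresh)
    {
        return new HttpResponseMessage { StatusCode = HttpStatusCode.OK };
    }

    // NOTE(review): any token that validates can be exchanged for a new one with a
    // fresh expiry; whether ValidateAuthorizationToken bounds that (e.g. by enforcing
    // the presented token's lifetime) is not visible here — confirm the refresh
    // window is limited.
    string tokenString = _jwtSecurityTokenHandler.WriteToken(CreateRefreshToken(username));

    // NOTE(review): the token is served as text/html; text/plain would describe an
    // opaque credential more accurately, but the existing media type is kept as-is.
    return new HttpResponseMessage
    {
        Content = new StringContent(tokenString, Encoding.UTF8, "text/html")
    };
}

/// <summary>
/// Builds the 401 thrown on every rejected request so all failure paths are
/// indistinguishable to the caller.
/// </summary>
/// <returns>An <see cref="HttpResponseException"/> wrapping a 401 error response.</returns>
private HttpResponseException UnauthorizedException()
{
    var response = Request.CreateErrorResponse(HttpStatusCode.Unauthorized, "You are unauthorized.");
    // RFC 7235 requires a 401 to advertise the challenge scheme it accepts.
    response.Headers.WwwAuthenticate.Add(new System.Net.Http.Headers.AuthenticationHeaderValue("Bearer"));
    return new HttpResponseException(response);
}

/// <summary>
/// Mints a new JWT for <paramref name="username"/> using the configured
/// not-before and expiry adjustments and the helper's signing credentials.
/// </summary>
/// <param name="username">Subject name placed in the token's Name claim.</param>
/// <returns>The unsigned-to-string token object; callers serialize it with the handler.</returns>
private JwtSecurityToken CreateRefreshToken(string username)
{
    // Read the clock once so notBefore and expires are offsets from the same instant.
    var now = DateTime.UtcNow;
    return new JwtSecurityToken(
        issuer: "mycompanyauth",
        audience: "mycompany",
        claims: new List<Claim> { new Claim(ClaimTypes.Name, username) },
        notBefore: now.AddMinutes(_authenticationServerConfiguration.AuthTokenRefreshNotBeforeAdjustMinutes),
        expires: now.AddMinutes(_authenticationServerConfiguration.AuthTokenRefreshExpiryMinutes),
        signingCredentials: _authenticationHelper.SigningCredentials);
}
}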