/// <summary>
        /// Processes requests that fail authorization.
        /// </summary>
        /// <param name="actionContext">The context.</param>
        /// <exception cref="ArgumentNullException">
        /// <paramref name="actionContext"/> is <see langword="null"/>.
        /// </exception>
        protected override void HandleUnauthorizedRequest(HttpActionContext actionContext)
        {
            actionContext.AssertNotNull("actionContext");

            var principal = actionContext.RequestContext.Principal;

            if (principal == null || !principal.Identity.IsAuthenticated)
            {
                base.HandleUnauthorizedRequest(actionContext);
            }
            else
            {
                actionContext.Response = actionContext.ControllerContext.Request.CreateErrorResponse(
                    HttpStatusCode.Forbidden, InvariantStrings.RequestNotAllowed);
            }
        }