/// <summary>
        /// Resolves the caller from a token carried in the <c>TokenHeaderName</c> request header
        /// (or, when that header is absent, from <c>GetTokenFromCookie</c>), installs the resulting
        /// principal via <c>SetUserToEveryContext</c>, runs the rest of the pipeline and, if the token
        /// was refreshed, returns the new token in the <c>TokenHeaderName</c> response header.
        /// </summary>
        /// <param name="actionContext">Context of the action being authorized.</param>
        /// <param name="cancellationToken">Not read by this method.</param>
        /// <param name="continuation">Delegate that runs the remainder of the pipeline.</param>
        /// <returns>
        /// The response produced by <c>SetUnathorizedResponse</c> when the caller cannot be
        /// authenticated and anonymous access is not allowed; otherwise the continuation's response.
        /// </returns>
        /// <remarks>
        /// Security-relevant behaviour visible here:
        /// - A missing request or a missing <c>ITokenService</c> registration ends in the unauthorized
        ///   response, even on actions marked with <c>AllowAnonymousAttribute</c>.
        /// - On anonymous-allowed actions a token that does not resolve to a user is not rejected; the
        ///   request continues with a default-constructed <c>User</c>.
        /// - NOTE(review): the cookie fallback means a browser may attach the credential automatically;
        ///   confirm that state-changing actions reachable this way have anti-forgery protection.
        /// - NOTE(review): the refreshed token travels in a response header; confirm such responses are
        ///   not stored by shared caches or written to logs.
        /// </remarks>
public async Task<HttpResponseMessage> ExecuteAuthorizationFilterAsync(
            HttpActionContext actionContext,
            CancellationToken cancellationToken,
            Func<Task<HttpResponseMessage>> continuation)
        {
            // Looked up first, before the request is inspected.
            bool allowsAnonymous = actionContext.ControllerOrActionMarkedWith<AllowAnonymousAttribute>();

            var incoming = actionContext.Request;
            if (incoming == null)
            {
                return SetUnathorizedResponse(actionContext);
            }

            // The header wins whenever it is present, even with an empty value; the cookie is
            // consulted only when the header is absent altogether.
            string presentedToken;
            IEnumerable<string> tokenHeaderValues;
            if (incoming.Headers.TryGetValues(TokenHeaderName, out tokenHeaderValues))
            {
                presentedToken = tokenHeaderValues.FirstOrDefault();
            }
            else
            {
                presentedToken = GetTokenFromCookie(incoming);
            }

            User authenticatedUser = null;
            string renewedToken = null;
            if (!string.IsNullOrEmpty(presentedToken))
            {
                var tokens = incoming.GetDependencyScope().GetService(typeof(ITokenService)) as ITokenService;
                if (tokens == null)
                {
                    // No token service resolved: fail closed rather than continue unauthenticated.
                    return SetUnathorizedResponse(actionContext);
                }

                authenticatedUser = tokens.GetUser(presentedToken);
                if (authenticatedUser != null)
                {
                    // Only a token that resolved to a user is refreshed.
                    renewedToken = tokens.RefreshToken(presentedToken);
                }
            }

            if (authenticatedUser == null)
            {
                if (!allowsAnonymous)
                {
                    return SetUnathorizedResponse(actionContext);
                }

                // Anonymous-allowed action: continue with a default-constructed user.
                authenticatedUser = new User();
            }

            SetUserToEveryContext(actionContext, new SitePrincipal(authenticatedUser));

            var outgoing = await continuation();
            if (!string.IsNullOrWhiteSpace(renewedToken))
            {
                outgoing.Headers.Add(TokenHeaderName, renewedToken);
            }

            return outgoing;
        }