protected override bool IsAuthorized(HttpActionContext actionContext) { var headers = actionContext.Request.Headers; if (!headers.Contains(AuthorizationConstants.UsernameKey) || !headers.Contains(AuthorizationConstants.PasswordKey)) { // No credentials provided return(false); } var username = headers.GetValues(AuthorizationConstants.UsernameKey).First(); var password = headers.GetValues(AuthorizationConstants.PasswordKey).First(); var(isAuthorized, foundUser) = LoginService.AuthorizeUser(username, password); if (!isAuthorized) { return(false); } actionContext.Request.Properties[AuthorizationConstants.UserInformationKey] = foundUser; return(true); }