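/// <summary>
/// Authenticates the incoming request from the token carried in its header before
/// handing it to the rest of the message-handler pipeline.
/// </summary>
/// <remarks>
/// When <c>ExtractTokenFromHeader</c> yields a token, it is validated through
/// <c>ServiceConfiguration.SecurityTokenHandlers</c> and the resulting principal is
/// attached to the request, the current thread and (when present) the ASP.NET context.
/// Any exception raised while extracting or validating the token rejects the request
/// (fail closed). A request that carries no token is forwarded WITHOUT a principal
/// being set here, so this handler authenticates but does not authorize.
/// NOTE(review): confirm that downstream controllers/filters reject anonymous callers.
/// </remarks>
/// <param name="request">The incoming HTTP request.</param>
/// <param name="cancellationToken">Token forwarded to the inner handler.</param>
/// <returns>
/// A completed task holding a 403 response when token processing throws; otherwise the
/// task returned by the inner handler.
/// </returns>
protected override Task<HttpResponseMessage> SendAsync(
        HttpRequestMessage request, CancellationToken cancellationToken)
        {
            try
            {
                var token = ExtractTokenFromHeader(request);

                if (token != null)
                {
                    var identities = ServiceConfiguration.SecurityTokenHandlers.ValidateToken(token);
                    var principal = new ClaimsPrincipal(identities);

                    request.SetUserPrincipal(principal);
                    Thread.CurrentPrincipal = principal;

                    // HttpContext.Current is null when no ASP.NET context is attached to the
                    // current thread. Dereferencing it unguarded threw a
                    // NullReferenceException that the catch below turned into a 403 for a
                    // caller whose token had just validated successfully.
                    var httpContext = HttpContext.Current;
                    if (httpContext != null)
                    {
                        httpContext.User = principal;
                    }
                }
            }
            catch (Exception)
            {
                // Fail closed: every failure in extraction or validation rejects the request,
                // and no exception detail is returned to the caller.
                // NOTE(review): nothing is logged here, so rejected tokens leave no audit
                // trail; consider recording the failure without logging the token itself.
                // NOTE(review): 403 is kept so existing clients see the same status; a failed
                // authentication is conventionally 401 with a WWW-Authenticate header.
                // An already-completed task avoids queuing thread-pool work just to build
                // a constant response.
                var rejected = new TaskCompletionSource<HttpResponseMessage>();
                rejected.SetResult(new HttpResponseMessage(HttpStatusCode.Forbidden));
                return rejected.Task;
            }

            return base.SendAsync(request, cancellationToken);
        }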