protected void Application_PostAuthenticateRequest(Object sender, EventArgs e) { var token = Request.Headers["token"]; if (token != null) { CustomPrincipal principal = new CustomPrincipal(token); if (principal.IsValidTokenForm()) { HttpContext.Current.User = principal; } else { HttpContext.Current.User = null; } } }