public override void OnActionExecuting(HttpActionContext actionContext) { base.OnActionExecuting(actionContext); var naasCredentialsRequiredController = actionContext.ControllerContext.Controller as NAASCredentialsRequiredController; if (naasCredentialsRequiredController == null) { actionContext.CreateBadRequestResponse("The NAASCredentialsRequiredAttribute requires a controller of type NAASCredentialsRequiredController"); return; } // Check to see if BaseAuthenticationParameters instance parameter was specified to the controller action BaseAuthenticationParameters authenticationParameters = FindAuthenticationParameters(actionContext); if (authenticationParameters == null) { actionContext.CreateBadRequestResponse("Base authentication parameters are required and were not found"); return; } UseBasicAuthenticationCredentials_Cached = !authenticationParameters.HasUsernameAndPasswordOrToken; if (UseBasicAuthenticationCredentials_Cached) { // The BaseAuthenticationParameters instance parameter did not specify any credentials, next // check for http basic authorization string username, password; if (!actionContext.Request.ParseAuthorizationHeader(out username, out password)) { actionContext.CreateUnauthorizedResponse(); actionContext.CacheFirstAccessedTime(); return; } naasCredentialsRequiredController.HttpBasicAuthorizationParameters = new BaseAuthenticationParameters(username, password); } }