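/// <summary>
/// Called when a request needs authorization. Resolves the bearer token taken from the
/// action context to user credentials and short-circuits the request with
/// 401 Unauthorized when those credentials are missing or marked invalid.
/// </summary>
/// <param name="actionContext">The action context, which encapsulates information for using <see cref="T:System.Web.Http.Filters.AuthorizationFilterAttribute" />.</param>
/// <exception cref="T:System.InvalidOperationException">
/// The configured controller activator is not a <c>NinjectKernelActivator</c>, so the
/// authentication service cannot be resolved.
/// </exception>
public override void OnAuthorization(HttpActionContext actionContext)
{
    // The authentication service is resolved through the Ninject kernel held by the
    // controller activator. Fail with an explicit error instead of a bare
    // NullReferenceException when a different activator is registered.
    var activator = GlobalConfiguration.Configuration.Services.GetHttpControllerActivator() as NinjectKernelActivator;
    if (activator == null)
    {
        throw new System.InvalidOperationException(
            "The configured IHttpControllerActivator is not a NinjectKernelActivator; cannot resolve IAuthenticationService.");
    }

    var authService = activator.Kernel.Get<IAuthenticationService>();

    // NOTE(review): GetBearerToken is defined elsewhere; presumably it can yield null or an
    // empty value when no Authorization header is sent. Confirm that
    // GetUserCredentialsByToken reports such a token as Invalid.
    var token = actionContext.GetBearerToken();
    var credentials = authService.GetUserCredentialsByToken(token);

    // Fail closed: no credentials object at all is treated the same as invalid credentials.
    if (credentials == null)
    {
        actionContext.Response = actionContext.Request.CreateResponse(HttpStatusCode.Unauthorized);
        return;
    }

    // NOTE(review): only CredentialsStatus.Invalid is rejected here. Confirm that every other
    // value the enum defines really represents an authenticated caller.
    if (credentials.AuthStatus == CredentialsStatus.Invalid)
    {
        actionContext.Response = actionContext.Request.CreateResponse(
            HttpStatusCode.Unauthorized,
            new ApiResponse(credentials, new ErrorContent()));

        // Stop here so a rejected token is never handed to the controller below.
        return;
    }

    // Expose the accepted token to controllers deriving from ApiControllerBase.
    var controller = actionContext.ControllerContext.Controller as ApiControllerBase;
    if (controller != null)
    {
        controller.CurrentAuthToken = credentials.AuthToken;
    }
}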