public override async Task OnAuthorizationAsync(HttpActionContext actionContext, System.Threading.CancellationToken cancellationToken) { try { var token = actionContext.Header(Authorization); //HttpContext.Current.Request.Headers[Authorization]; if (string.IsNullOrEmpty(token)) { actionContext.Response = new HttpResponseMessage(HttpStatusCode.Unauthorized) { ReasonPhrase = "No token!" }; return; } token = token.Replace(Bearer, ""); var result = JwtHandler.DecodeToken(token, actionContext.BaseUrl()); var name = result.ClaimsPrincipal.FindFirst(c => c.Type == Name); var userId = result.ClaimsPrincipal.FindFirst(c => c.Type == UserId); //get user from Db by user id actionContext.ActionArguments.Add(Name, $"{name.Value}:{userId.Value}"); var issuer = result.SecurityToken.Issuer; } catch (Exception) { actionContext.Response = new HttpResponseMessage(HttpStatusCode.Unauthorized) { ReasonPhrase = "Wrong token or userId!" }; return; } }