protected override async Task <AuthenticateResult> HandleAuthenticateAsync() { DateTimeOffset requestTime = DateTime.UtcNow; if (!Request.Headers.TryGetValue(ApiKeyHeaderName, out var apiKeyHeaderValues)) { return(AuthenticateResult.NoResult()); } var providedApiKey = apiKeyHeaderValues.FirstOrDefault(); if (!apiKeyHeaderValues.Any() || string.IsNullOrWhiteSpace(providedApiKey)) { return(AuthenticateResult.NoResult()); } ApiKey apiKey = await _apiKeyRepository.FindByKey(providedApiKey); if (apiKey != null && requestTime < apiKey.ValidUntil && requestTime > apiKey.ValidFrom) { var claims = new List <Claim> { new Claim(ClaimTypes.Name, apiKey.Owner.MerchantId.ToString()) }; var identity = new ClaimsIdentity(claims, Options.AuthenticationType); var identities = new List <ClaimsIdentity> { identity }; var principal = new ClaimsPrincipal(identities); var ticket = new AuthenticationTicket(principal, Options.Scheme); return(AuthenticateResult.Success(ticket)); } return(AuthenticateResult.Fail("Invalid API Key provided.")); }