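/// <summary>
/// Authenticates the current request from the API key carried in the request
/// header whose name is held in <c>apiKey</c>.
/// </summary>
/// <returns>
/// A failed <see cref="AuthenticateResult"/> when the header is absent, is empty,
/// carries more than one value, or is rejected by <c>apiKeyService</c>; otherwise a
/// successful result whose ticket uses the "ApiKey" scheme and carries the
/// customer's Pesel, e-mail and role claims.
/// </returns>
/// <remarks>
/// The body contains no awaits. The <c>async</c> modifier is kept so that an
/// exception thrown here still reaches the caller through the returned task.
/// </remarks>
protected override async Task<AuthenticateResult> HandleAuthenticateAsync()
{
    // Single lookup instead of ContainsKey followed by the indexer.
    if (!Request.Headers.TryGetValue(apiKey, out var headerValues))
    {
        return AuthenticateResult.Fail("Missing X-API-KEY header");
    }

    // A repeated header would otherwise be joined into one comma-separated string
    // and an empty header would reach the key service as null/empty; reject both
    // here so the service only ever sees exactly one non-blank candidate key.
    if (headerValues.Count != 1 || string.IsNullOrWhiteSpace(headerValues[0]))
    {
        return AuthenticateResult.Fail("Invalid api key");
    }

    string key = headerValues[0];

    if (!apiKeyService.TryAuthorize(key, out Customer customer))
    {
        return AuthenticateResult.Fail("Invalid api key");
    }

    ClaimsIdentity identity = new ClaimsIdentity("ApiKey");

    // NOTE(review): Pesel is a personal identifier; it travels with the principal,
    // so make sure claims are not written to logs or echoed in responses.
    // NOTE(review): Claim throws on a null value - presumably Pesel and Email are
    // always populated for an authorized customer; confirm against apiKeyService.
    identity.AddClaim(new Claim("Pesel", customer.Pesel));
    identity.AddClaim(new Claim(ClaimTypes.Email, customer.Email));

    // NOTE(review): every valid key receives BOTH the "user" and "trainer" roles,
    // independent of the customer record. If "trainer" is meant to be a more
    // privileged role, derive the roles from the customer instead of hard-coding
    // them, otherwise role-based authorization checks cannot tell callers apart.
    identity.AddClaim(new Claim(ClaimTypes.Role, "user"));
    identity.AddClaim(new Claim(ClaimTypes.Role, "trainer"));

    ClaimsPrincipal principal = new ClaimsPrincipal(identity);
    var ticket = new AuthenticationTicket(principal, "ApiKey");

    return AuthenticateResult.Success(ticket);
}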