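/// <summary>
/// Authorizes the request by validating the token carried in the Authorization header.
/// A request with no Authorization header or with an empty token parameter is answered
/// with 403 Forbidden; a token that <c>tokenManager.ValidateToken</c> rejects is answered
/// with 401 Unauthorized; any exception raised while reading the header or validating the
/// token is also answered with 403 Forbidden (fail closed). Only a request whose token
/// validates reaches <c>base.OnAuthorization</c>.
/// </summary>
/// <param name="filterContext">
/// The action context whose <c>Request</c> is inspected and whose <c>Response</c> is set
/// when the request is rejected.
/// </param>
public override void OnAuthorization(HttpActionContext filterContext)
{
    // Receives the principal name from ValidateToken; this filter does not use it itself.
    string userName = string.Empty;
    var request = filterContext.Request;

    try
    {
        var authorization = request.Headers.Authorization;

        // Headers.Authorization is null when the request carries no Authorization header.
        // Previously the resulting NullReferenceException was left to fall into the catch
        // below; testing for it explicitly keeps the "no credentials" path free of
        // exception-driven control flow while producing the same 403 response.
        if (authorization == null || string.IsNullOrEmpty(authorization.Parameter))
        {
            filterContext.Response = new HttpResponseMessage(HttpStatusCode.Forbidden);
            return;
        }

        // NOTE(review): authorization.Scheme is not inspected, so a token sent under any
        // scheme (not only "Bearer") is accepted here — confirm that is intended.
        // NOTE(review): a missing token yields 403 while an invalid one yields 401, and the
        // 401 carries no WWW-Authenticate header — confirm this matches the API contract.
        if (!tokenManager.ValidateToken(authorization.Parameter, out userName))
        {
            filterContext.Response = new HttpResponseMessage(HttpStatusCode.Unauthorized);
            return;
        }
    }
    catch (Exception)
    {
        // Fail closed: a failure inside header access or token validation is reported as
        // Forbidden rather than letting the request through or surfacing the exception.
        filterContext.Response = new HttpResponseMessage(HttpStatusCode.Forbidden);
        return;
    }

    base.OnAuthorization(filterContext);
}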
/// <summary>
/// Builds an <see cref="IPrincipal"/> for a validated token. When
/// <c>tokenManager.ValidateToken</c> accepts the token, the returned principal carries a
/// Name claim holding the validated user name plus the Role claims "Admin" and
/// "SuperUser", authenticated under the "Jwt" authentication type. When the token is
/// rejected, the task result is <c>null</c>.
/// </summary>
/// <param name="token">The raw token to validate.</param>
/// <returns>
/// A completed task holding the principal, or holding <c>null</c> when the token does not
/// validate.
/// </returns>
protected Task<IPrincipal> AuthenticateJwtToken(string token)
{
    string username;
    if (!tokenManager.ValidateToken(token, out username))
    {
        return Task.FromResult<IPrincipal>(null);
    }

    // NOTE(review): every validated user is granted the "Admin" and "SuperUser" roles
    // unconditionally; no per-user lookup takes place here. Any role-based check
    // downstream would therefore accept any valid token — confirm this is intended
    // before relying on roles for authorization.
    var nameClaim = new Claim(ClaimTypes.Name, username);
    var adminRole = new Claim(ClaimTypes.Role, "Admin");
    var superUserRole = new Claim(ClaimTypes.Role, "SuperUser");
    var claims = new List<Claim> { nameClaim, adminRole, superUserRole };

    var identity = new ClaimsIdentity(claims, "Jwt");
    IPrincipal principal = new ClaimsPrincipal(identity);
    return Task.FromResult(principal);
}