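/// <summary>
/// Handles a request that reached the unauthorized path. The base handler is invoked
/// (presumably producing the 401 response) unless the Authorization header carries a
/// token that TransactionSecurity.IsTokenValid accepts.
/// </summary>
/// <param name="actionContext">Context of the action whose request is being checked.</param>
protected override void HandleUnauthorizedRequest(HttpActionContext actionContext)
{
    var authorization = actionContext.Request.Headers.Authorization;
    if (authorization == null)
    {
        // No credentials at all: always reject.
        base.HandleUnauthorizedRequest(actionContext);
        return;
    }

    // The token will be either in the Scheme attribute,
    // or if the Scheme is "Bearer" the token will be in the Parameter attribute.
    // The scheme name is a protocol identifier, so it is compared ordinally; a
    // culture-sensitive comparison applies linguistic rules (for example it skips
    // ignorable characters) that have no place in a security decision.
    string tokenString = authorization.Scheme;
    if (string.Equals(tokenString, "Bearer", System.StringComparison.OrdinalIgnoreCase))
    {
        tokenString = authorization.Parameter;
    }

    // Fail closed: "Bearer" with no parameter yields a null token, which must be
    // rejected here rather than handed to the validator.
    if (string.IsNullOrEmpty(tokenString) || !TransactionSecurity.IsTokenValid(tokenString))
    {
        base.HandleUnauthorizedRequest(actionContext);
    }

    // NOTE(review): when the token is valid this method returns without touching
    // actionContext, so the check that routed the request here is effectively
    // overridden by token validity alone. Confirm that any role or user restrictions
    // configured on the attribute are not expected to apply to token callers, and
    // that IsTokenValid verifies signature, lifetime, issuer and audience.
}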
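/// <summary>
/// Strips an optional bearer prefix from the supplied string, checks the remainder with
/// TransactionSecurity.IsTokenValid and, if accepted, parses it into the <c>token</c> field.
/// </summary>
/// <param name="tokenString">
/// Raw token, optionally prefixed with <c>bearerToken</c>. When null or empty the method
/// returns without assigning <c>token</c>.
/// </param>
/// <exception cref="System.Exception">The token is rejected by TransactionSecurity.IsTokenValid.</exception>
private void Init(String tokenString)
{
    // If no token was provided, do nothing.
    // NOTE(review): callers presumably have to treat an unset token as unauthenticated - confirm.
    if (string.IsNullOrEmpty(tokenString))
    {
        return;
    }

    // Ordinal comparison is required here: a culture-sensitive StartsWith can match a
    // prefix whose character count differs from bearerToken.Length (ignorable characters
    // are skipped), so the Substring below would cut the token at the wrong offset.
    if (tokenString.StartsWith(bearerToken, StringComparison.OrdinalIgnoreCase))
    {
        tokenString = tokenString.Substring(bearerToken.Length);
    }

    if (!TransactionSecurity.IsTokenValid(tokenString))
    {
        // Exception type kept as-is so existing callers' catch blocks keep working.
        throw new Exception("JWT invalid");
    }

    // Convert to token.
    // ReadJwtToken only decodes the JWT; it does not verify the signature or lifetime.
    // The claims read from the token are therefore only as trustworthy as the
    // IsTokenValid check above - NOTE(review): confirm it validates signature, expiry,
    // issuer and audience.
    var handler = new JwtSecurityTokenHandler();
    token = handler.ReadJwtToken(tokenString);
}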