// NOTE(review): this listing shows no braces, and the conditions that guard the two early
// returns in SendAsync are not visible. The comments below describe only what the lines show;
// anything about the intended branching is marked as an assumption to confirm.
/// <summary>
/// Message handler that looks for the <c>__RequestAuthToken</c> request header and has the
/// token validated before the request is passed to the inner handler.
/// </summary>
public class AuthenticationHandler : DelegatingHandler
/// <summary>
/// Name of the request header that is expected to carry the authentication token.
/// </summary>
private const string securityToken = "__RequestAuthToken";
/// <summary>
/// Checks the request for the token header, calls <see cref="Authorize"/> when it is present,
/// and either returns a rejection built by <c>ApiHttpUtility.FromResult</c> or forwards the
/// request through <c>base.SendAsync</c>.
/// </summary>
/// <param name="request">Http request message.</param>
/// <param name="cancellationToken">Cancellation token, passed through to the inner handler.</param>
/// <returns>
/// A task producing an <see cref="HttpResponseMessage"/>: the Unauthorized or BadRequest result
/// from <c>ApiHttpUtility.FromResult</c>, or the inner handler's response.
/// </returns>
protected override Task<HttpResponseMessage> SendAsync(HttpRequestMessage request, CancellationToken cancellationToken)
// Presence check only: the header value itself is read and validated inside Authorize.
if (request.Headers.Contains(securityToken))
bool authorized = Authorize(request);
// NOTE(review): no condition is visible in front of this return; presumably the 401 is sent
// only when `authorized` is false. Confirm against the original file, because this check is
// what keeps a request with an invalid token from reaching the inner handler.
return ApiHttpUtility.FromResult(request, false, HttpStatusCode.Unauthorized, MessageTypes.Error, Resource.UnAuthenticatedUser);
// NOTE(review): presumably the branch for a request without the token header - confirm.
// Both rejections reuse Resource.UnAuthenticatedUser; only the status code differs (400 here, 401 above).
return ApiHttpUtility.FromResult(request, false, HttpStatusCode.BadRequest, MessageTypes.Error, Resource.UnAuthenticatedUser);
// Hands the request to the inner handler; presumably reached only after Authorize returned true - confirm.
return base.SendAsync(request, cancellationToken);
/// <summary>
/// Reads the token header from <c>HttpContext.Current.Request</c> and passes it, together with
/// the request's User-Agent, the mapped path of <c>~/Content/</c> and the request message, to
/// <c>SecurityUtility.IsTokenValid</c>.
/// </summary>
/// <param name="requestMessage">Http request message; only forwarded to <c>SecurityUtility.IsTokenValid</c>.</param>
/// <returns>The value returned by <c>SecurityUtility.IsTokenValid</c>.</returns>
private bool Authorize(HttpRequestMessage requestMessage)
// NOTE(review): SendAsync checked the header on the HttpRequestMessage, but the value is read
// from HttpContext.Current here. HttpContext.Current is null when no ASP.NET request context
// is attached to the current thread (for example under self-hosting), which would throw on
// this line - confirm the hosting model.
HttpRequest request = HttpContext.Current.Request;
string token = request.Headers[securityToken];
// NOTE(review): User-Agent is chosen by the client, so it is not a secret; how IsTokenValid
// uses it is not visible here.
// NOTE(review): ~/Content/ is conventionally a statically served folder; if IsTokenValid loads
// key or token material from this path, confirm that material cannot be downloaded.
return SecurityUtility.IsTokenValid(token, request.UserAgent, HttpContext.Current.Server.MapPath("~/Content/"), requestMessage);