Securing ASP.NET Web API with a gateway (message-handler) approach: a DelegatingHandler attached to the route rejects any request without a valid token before it reaches a controller.
// Wire the token-checking handler in front of the normal controller dispatch for the default route.
// Because the handler is set per route, every request matching "api/{controller}/{id}" passes through it first.
var gatewayHandler = new CustomMessageHandler
{
    InnerHandler = new HttpControllerHandler(config)
};
config.Routes.MapHttpRoute(
    name: "DefaultApi",
    routeTemplate: "api/{controller}/{id}",
    defaults: new { id = RouteParameter.Optional },
    constraints: null,
    handler: gatewayHandler
);
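/// <summary>
/// Gateway handler: every request routed through it must carry a non-empty
/// <c>Auth-Token</c> header that <see cref="ValidateToken"/> accepts; otherwise a
/// 401 is returned and the inner handler (the controller pipeline) is never invoked.
/// </summary>
public class CustomMessageHandler : DelegatingHandler
{
    // Name of the request header that carries the caller's token.
    private const string TokenHeaderName = "Auth-Token";

    /// <summary>
    /// Checks the token header and either short-circuits with 401 or forwards to the inner handler.
    /// </summary>
    /// <param name="request">The incoming request.</param>
    /// <param name="cancellationToken">Cancellation token forwarded to the inner handler.</param>
    /// <returns>A 401 response, or the inner handler's response when the token is accepted.</returns>
    protected override Task<HttpResponseMessage> SendAsync(HttpRequestMessage request, CancellationToken cancellationToken)
    {
        if (!request.Headers.Contains(TokenHeaderName))
        {
            return Unauthorized(request, "Ooops, can not find token, make sure the requests have token.");
        }

        // Only the first value is considered; a request sending the header several times
        // is not treated specially here (NOTE(review): consider rejecting it as ambiguous).
        string requestToken = request.Headers.GetValues(TokenHeaderName).FirstOrDefault();
        if (string.IsNullOrWhiteSpace(requestToken))
        {
            // A present-but-empty header is not a token; treat it like a missing one.
            return Unauthorized(request, "Invalid token.");
        }

        bool accepted;
        try
        {
            accepted = ValidateToken(requestToken);
        }
        catch (Exception)
        {
            // Fail closed: any failure inside validation (malformed token, decoding error, ...)
            // becomes a 401, and the exception detail is deliberately NOT echoed to the caller.
            return Unauthorized(request, "Invalid token.");
        }

        if (!accepted)
        {
            return Unauthorized(request, "Invalid username or password / identity.");
        }

        return base.SendAsync(request, cancellationToken);
    }

    /// <summary>
    /// Decides whether <paramref name="token"/> identifies a valid caller. Override this with the
    /// real check (e.g. signature verification of a signed token, or a lookup against issued tokens).
    /// Note that Base64 is an encoding, not encryption: a Base64-wrapped value carries no integrity or
    /// secrecy on its own. When the check compares the token with a stored secret, use a
    /// constant-time comparison (CryptographicOperations.FixedTimeEquals where available).
    /// </summary>
    /// <param name="token">The non-empty value of the Auth-Token header.</param>
    /// <returns>true when the caller is valid; false otherwise.</returns>
    protected virtual bool ValidateToken(string token)
    {
        // Default is fail closed: nothing is accepted until a real validator is plugged in.
        return false;
    }

    // Builds the 401 reply used by every rejection path (message is the only thing that varies).
    // NOTE(review): RFC 7235 expects a 401 to carry a WWW-Authenticate header; none is set here.
    private static Task<HttpResponseMessage> Unauthorized(HttpRequestMessage request, string message)
    {
        HttpResponseMessage reply = request.CreateErrorResponse(HttpStatusCode.Unauthorized, message);
        return Task.FromResult(reply);
    }
}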