static bool Authenticate(HttpContext context)
{
if (IsAnonymousAccessAllowed(context.Request))
return true;
var authHeader = context.Request.Headers.Get("Authorization");
if (string.IsNullOrEmpty(authHeader))
return false;
var creds = ParseAuthHeader(authHeader);
if (creds == null)
return true; // anonymous user
var principal = TryGetPrincipal(creds);
context.User = principal;
return true;
}