public static async Task<bool> AuthenticateRequestAsync()

in Facebook/WebApp/Auth/AuthenticateRequest.cs [17:55]


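        /// <summary>
        /// Decides whether the incoming request carries an acceptable credential.
        /// Two schemes are recognised: "Bearer", which defers to the claims already
        /// attached to the request context, and "Basic", which compares the supplied
        /// user/password pair with <c>Settings.TenantId</c> and <c>Settings.APISecretKey</c>.
        /// Every other case, including a missing Authorization header, is rejected.
        /// </summary>
        /// <param name="actionContext">The Web API action context of the request being checked.</param>
        /// <returns><c>true</c> when the request is authenticated; otherwise <c>false</c>.</returns>
        public static async Task<bool> AuthenticateRequestAsync(HttpActionContext actionContext)
        {
            HttpRequestHeaders headers = actionContext.Request.Headers;
            AuthenticationHeaderValue authorization = headers.Authorization;

            // Headers.Authorization is null when the client sent no Authorization header.
            // Treat that as "not authenticated" instead of failing with a NullReferenceException.
            if (authorization == null || string.IsNullOrEmpty(authorization.Scheme))
            {
                return false;
            }

            string authScheme = authorization.Scheme;

            // HTTP authentication scheme names are case-insensitive (RFC 7235), so "bearer"
            // and "BASIC" must be routed to the same checks as their canonical spellings.
            if (authScheme.Equals("Bearer", StringComparison.OrdinalIgnoreCase))
            {
                // NOTE(review): the token itself is not validated here; this branch relies on
                // whatever populated RequestContext.Principal. Confirm that upstream middleware
                // rejects invalid or expired tokens before this method runs.
                if (actionContext.RequestContext == null)
                {
                    return false;
                }

                ClaimsPrincipal claimsPrincipal = actionContext.RequestContext.Principal as ClaimsPrincipal;
                if (claimsPrincipal == null || claimsPrincipal.Claims == null)
                {
                    return false;
                }

                return CheckIfCallerClaimIsAuthorized(claimsPrincipal.Claims);
            }

            // https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Authorization
            if (authScheme.Equals("Basic", StringComparison.OrdinalIgnoreCase))
            {
                return IsValidBasicCredential(authorization.Parameter);
            }

            return false;
        }

        /// <summary>
        /// Validates the parameter of a Basic Authorization header against the configured
        /// tenant id and API secret. Only malformed base64 is caught here; a failure while
        /// reading <c>Settings</c> is a configuration fault and is allowed to surface.
        /// </summary>
        /// <param name="encodedCredentials">The base64 "user:password" value from the header; may be null.</param>
        /// <returns><c>true</c> only when both the user and the password match.</returns>
        private static bool IsValidBasicCredential(string encodedCredentials)
        {
            // Assumes Settings.TenantId and Settings.APISecretKey are strings - confirm against Settings.
            string expectedTenant = Settings.TenantId;
            string expectedSecret = Settings.APISecretKey;

            // Fail closed when nothing was supplied, and also when the deployment has no
            // tenant id or secret configured: an empty secret must never authenticate anyone.
            if (string.IsNullOrEmpty(encodedCredentials)
                || string.IsNullOrEmpty(expectedTenant)
                || string.IsNullOrEmpty(expectedSecret))
            {
                return false;
            }

            byte[] rawCredentials;
            try
            {
                rawCredentials = Convert.FromBase64String(encodedCredentials);
            }
            catch (FormatException)
            {
                // Not valid base64: the header is malformed, so the request is unauthenticated.
                return false;
            }

            string decodedCredentials = Encoding.ASCII.GetString(rawCredentials);

            // RFC 7617: the user-id ends at the FIRST colon and the password may itself contain
            // colons, so split into at most two parts instead of on every colon.
            string[] userPass = decodedCredentials.Split(new[] { ':' }, 2);
            if (userPass.Length != 2)
            {
                return false;
            }

            // Evaluate both comparisons unconditionally (non-short-circuit '&') so the response
            // time does not reveal which of the two values was wrong.
            bool tenantMatches = ConstantTimeEquals(userPass[0], expectedTenant);
            bool secretMatches = ConstantTimeEquals(userPass[1], expectedSecret);
            return tenantMatches & secretMatches;
        }

        /// <summary>
        /// Compares two strings without returning early at the first differing byte, so the
        /// time taken does not depend on how much of the expected value the caller guessed.
        /// This is a best-effort managed implementation, not a guarantee against the JIT.
        /// </summary>
        /// <param name="supplied">The caller-provided value.</param>
        /// <param name="expected">The configured value to compare against.</param>
        /// <returns><c>true</c> when both strings encode to the same bytes.</returns>
        private static bool ConstantTimeEquals(string supplied, string expected)
        {
            byte[] suppliedBytes = Encoding.UTF8.GetBytes(supplied ?? string.Empty);
            byte[] expectedBytes = Encoding.UTF8.GetBytes(expected ?? string.Empty);

            if (expectedBytes.Length == 0)
            {
                return suppliedBytes.Length == 0;
            }

            // A length mismatch is folded into the accumulator rather than returned early.
            // The loop runs over the supplied length, which the caller already knows.
            int difference = suppliedBytes.Length ^ expectedBytes.Length;
            for (int i = 0; i < suppliedBytes.Length; i++)
            {
                difference |= suppliedBytes[i] ^ expectedBytes[i % expectedBytes.Length];
            }

            return difference == 0;
        }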