RequireApiKey require an api key for MVC controllers assumes SSL

RequireApiKey

public class RequireApiKey : ActionFilterAttribute
    {
        private static readonly ILog Logger = LogManager.GetLogger(typeof(RequireApiKey));
        public override void OnActionExecuting(HttpActionContext context)
        {
            var ipAddress = GetIpAddress(context);
            Logger.InfoFormat("API attempt. Uri {0} - IP {1} - Headers {2} ", context.Request.RequestUri, ipAddress, context.Request.Headers);

            IEnumerable<string> values;
            if (context.Request.Headers.TryGetValues("ApiKey", out values) &&  GetApiKeys().Any (x => x ==values.First())
            {
                context.RequestContext.Principal = new ClaimsPrincipal(new ClaimsIdentity(new[] { new Claim(ClaimTypes.Role, Constants.Roles.Api) }));
                base.OnActionExecuting(context);
                return;
            }
            Logger.WarnFormat("Unauthorised API attempt. Uri {0} - Headers {1} ", context.Request.RequestUri, context.Request.Headers);
            context.Response = new HttpResponseMessage(HttpStatusCode.BadRequest) { Content = new StringContent("Missing ApiKey") };
        }

        private static string GetIpAddress(HttpActionContext actionContext)
        {
            var context = actionContext.Request.Properties["MS_HttpContext"] as System.Web.HttpContextBase;
            return context == null ? "Unknown" : context.Request.UserHostAddress;
        }
		
		private IEnumerable<string> GetApiKeys()
		{
			//todo
		}
    }