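/// <summary>
/// Evaluates <see cref="DynamicRoleRequirement"/> for the current request. The requirement
/// succeeds only when the signed-in principal carries a claim whose type is the value produced
/// by <c>SplitUserRequestedUrl</c> and whose value is <c>true.ToString()</c>.
/// </summary>
/// <remarks>
/// The handler is fail-closed: every path except the claim match returns without calling
/// <c>context.Succeed</c>. When the role-validation cookie does not pass
/// <c>IsRvgCookieDataValid</c>, the cookie is rewritten and the sign-in is refreshed, but the
/// current request is still not granted.
/// </remarks>
/// <param name="context">Authorization context that receives the success signal.</param>
/// <param name="requirement">The requirement instance being evaluated.</param>
/// <returns>A task that completes when the evaluation has finished.</returns>
protected override async Task HandleRequirementAsync(
    AuthorizationHandlerContext context,
    DynamicRoleRequirement requirement)
{
    var httpContext = _contextAccessor.HttpContext;

    // IHttpContextAccessor.HttpContext is null outside an active request. Deny instead of
    // dereferencing null, so the failure mode is "not authorized" rather than an exception.
    if (httpContext == null)
    {
        return;
    }

    var userId = httpContext.User.FindFirstValue(ClaimTypes.NameIdentifier);
    if (string.IsNullOrEmpty(userId))
    {
        // No user identifier on the principal: leave the requirement unmet.
        return;
    }

    // The value is cached under "RoleValidationGuid" with AbsoluteExpiration set to
    // DateTimeOffset.MaxValue, so this handler never refreshes it on its own.
    // NOTE(review): presumably the entry is evicted wherever roles or role claims are edited;
    // confirm, otherwise permission changes will not be detected here.
    var dbRoleValidationGuid = _memoryCache.GetOrCreate("RoleValidationGuid", p =>
    {
        p.AbsoluteExpiration = DateTimeOffset.MaxValue;
        return _utilities.DataBaseRoleValidationGuid();
    });

    SplitUserRequestedUrl(httpContext, out var areaAndControllerAndActionName);
    UnprotectRvgCookieData(httpContext, out var unprotectedRvgCookie);

    if (!IsRvgCookieDataValid(unprotectedRvgCookie, userId, dbRoleValidationGuid))
    {
        var user = await _userManager.FindByIdAsync(userId);
        if (user == null)
        {
            // The identifier no longer resolves to a stored user: deny.
            return;
        }

        AddOrUpdateRvgCookie(httpContext, dbRoleValidationGuid, userId);
        await _signInManager.RefreshSignInAsync(user);

        // Deliberately no Succeed() on this pass. The original author considered checking
        // UserRoles/RoleClaims in the database here and chose instead to let the Access Denied
        // page offer a way back, so the retried request is evaluated in the branch below.
        return;
    }

    if (httpContext.User.HasClaim(areaAndControllerAndActionName, true.ToString()))
    {
        context.Succeed(requirement);
    }
}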