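/// <summary>
/// Authorization filter body. Reads the "access" and "userId" cookies from the current
/// request and, when the caller may not proceed, routes the request elsewhere through
/// <c>SetResultPage</c>; when the caller may proceed it sets no result and returns.
/// </summary>
/// <remarks>
/// Only cookie <em>presence</em> is inspected here; this method never validates the token
/// value itself. NOTE(review): confirm that <c>VoteUserManager</c> (or an earlier filter)
/// verifies the token, otherwise any request carrying an arbitrary "access" cookie reaches
/// the role check.
/// </remarks>
/// <param name="filterContext">The MVC authorization context of the request under review.</param>
private void isUserAuthorized(AuthorizationContext filterContext)
{
    var request = filterContext.HttpContext.Request;

    // Cached on the instance because other members of this filter read them.
    _tokenCookie = request.Cookies.Get("access");
    _userIdCookie = request.Cookies.Get("userId");
    string returnUrl = request.Url.AbsoluteUri;

    // Token gone while the userId cookie survives: the session has expired.
    if (_tokenCookie == null && _userIdCookie != null)
    {
        if (request.IsAjaxRequest())
        {
            // Found Redirection to another page. Here- login page. Check Layout ajaxError() script.
            filterContext.HttpContext.Response.StatusCode = 302;
            // Response.End() aborts the request thread on classic ASP.NET; setting
            // filterContext.Result would be the MVC-idiomatic way to short-circuit instead.
            filterContext.HttpContext.Response.End();
        }

        // Single shared redirect for both the AJAX and the full-page case.
        SetResultPage(filterContext, "Home", "Index", returnUrl, "Session expired. Please log in again");
        return;
    }

    // No token at all: the user is not logged in.
    if (_tokenCookie == null)
    {
        SetResultPage(filterContext, "Home", "Index", returnUrl, "Please login.");
        return;
    }

    // Token present but no userId cookie. The original code fell through here without
    // setting any result, which let such requests bypass the role check entirely (fail-open).
    // An authorization filter must fail closed, so treat it as not logged in.
    if (_userIdCookie == null)
    {
        SetResultPage(filterContext, "Home", "Index", returnUrl, "Please login.");
        return;
    }

    // Both cookies present: enforce the roles configured on this attribute, if any.
    VoteUserManager user = new VoteUserManager();
    bool hasAccess = string.IsNullOrEmpty(this.Roles)
        || this.Roles
            .Split(',')
            .Select(role => role.Trim())
            .Any(role => user.HasRole(role));

    if (!hasAccess)
    {
        SetResultPage(filterContext, "Unauthorized", "Index");
        return;
    }

    // Only voters are bound to the election window; everyone else is done here.
    if (!user.HasRole("Voter"))
    {
        return;
    }

    using (DbContext db = new DbContext())
    {
        // NOTE(review): FirstOrDefault without an OrderBy picks an arbitrary row when more than
        // one election exists, and yields default(DateTime) when none exists — confirm intended.
        var endDate = db.Election.Select(x => x.EndDate).FirstOrDefault();
        var startDate = db.Election.Select(x => x.StartDate).FirstOrDefault();

        // Local server time is compared against the stored dates; kept as-is because the
        // DateTimeKind of the stored values is not visible here — TODO(review): confirm they
        // are local time, otherwise switch both sides to UTC.
        var today = DateTime.Now;

        if (endDate < today)
        {
            SetResultPage(filterContext, "Unauthorized", "vote-over");
        }
        else if (today < startDate)
        {
            SetResultPage(filterContext, "Unauthorized", "vote-not-started");
        }
    }
}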