public override void OnAuthorization(AuthorizationContext filterContext) { if (String.IsNullOrEmpty(PermissionName)) { throw new ApplicationException("No permission supplied"); } //No authorization if permission is AllowAnonymous if (String.Equals(PermissionName, "AllowAnonymous", StringComparison.InvariantCultureIgnoreCase)) { return; } WorkContext workContext = filterContext.GetWorkContext(); IAuthorizer authorizer = workContext.Resolve <IAuthorizer>(); Permission permission = new Permission { Name = PermissionName }; if (authorizer.Authorize(permission, new LocalizedString("Access is denied"))) { return; } //Access is denied filterContext.Result = new HttpUnauthorizedResult(); }