public override void OnAuthorization(AuthorizationContext filterContext) { ITicketManager ticketManager = InstanceContainer.TicketManager; bool isAuthorized = ticketManager.IsAuthorized(filterContext.HttpContext); // this information can be cached so we don't reflect on every call bool skipAuthorization = filterContext.ActionDescriptor.IsDefined(typeof(AllowAnonymousAttribute), true) || filterContext.ActionDescriptor.ControllerDescriptor.IsDefined(typeof(AllowAnonymousAttribute), true); if (!skipAuthorization && !isAuthorized) { ticketManager.Signout(); // auth failed, redirect to login page filterContext.Result = new HttpUnauthorizedResult(); return; } }