public void OnAuthorization(AuthorizationContext filterContext) { if (filterContext.HttpContext.Session != null) { var user = filterContext.HttpContext.Session["user"]?.ToString(); if (!string.IsNullOrWhiteSpace(user)) { return; } var cookie = filterContext.HttpContext.Request.Cookies?["user"]; if (!string.IsNullOrEmpty(cookie?.Value)) { throw new UnauthorizedException(); } var content = cookie?.Value.DecryptQueryString(); lclEntities db = new lclEntities(); if (!db.Users.Any(u => u.Account == content)) { throw new UnauthorizedException(); } } }