Exemple #1
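        /// <summary>
        /// Checks, before the action runs, whether the current user may access the
        /// requested area/controller/action and redirects to Default/NotAuthorized
        /// when <c>ControllerHelper.AuthorizeAction</c> denies it.
        /// </summary>
        /// <param name="filterContext">Context of the action about to execute; its
        /// <c>Result</c> is replaced with a redirect when access is denied.</param>
        /// <remarks>
        /// Only the routes listed in <see cref="IsExemptFromAuthorization"/> skip the
        /// permission check. The earlier condition used substring tests and an
        /// always-true <c>!logoff || !login</c> clause, so every controller whose name
        /// contained "account" or "home" and every action whose name contained "index"
        /// skipped the check. Any other route that must stay reachable without a
        /// granted permission has to be added to the exemption list explicitly.
        /// </remarks>
        public override void OnActionExecuting(ActionExecutingContext filterContext)
        {
            var routeData = filterContext.RouteData;

            // A missing route value becomes "" instead of throwing; an empty name never
            // matches an exemption, so such a request still goes through the check.
            var area       = System.Convert.ToString(routeData.Values["area"]) ?? "";
            var controller = System.Convert.ToString(routeData.Values["controller"]) ?? "";
            var action     = System.Convert.ToString(routeData.Values["action"]) ?? "";

            if (!IsExemptFromAuthorization(controller, action))
            {
                // NOTE(review): userId is presumably null for an anonymous request;
                // confirm AuthorizeAction denies access in that case.
                var userId = HttpContext.Current.User.Identity.GetUserId();

                var userRoute = new UserRoute();
                userRoute.Area       = area;
                userRoute.Controller = controller;
                userRoute.Action     = action;

                var cHelper = new ControllerHelper();
                if (!cHelper.AuthorizeAction(userId, userRoute))
                {
                    // The HttpUnauthorizedResult that used to be assigned here was
                    // overwritten by the redirect below before it could take effect,
                    // so only the redirect is kept.
                    filterContext.Controller.TempData["ErrorMessage"] = "You are not authorized to access this page";
                    filterContext.Result = new RedirectToRouteResult(new RouteValueDictionary(new { controller = "Default", action = "NotAuthorized" }));
                }
            }

            base.OnActionExecuting(filterContext);
        }

        /// <summary>
        /// Returns true only for the exact controller/action pairs that must be
        /// reachable without a permission check.
        /// </summary>
        /// <remarks>
        /// NOTE(review): the area is not part of the match, so a controller/action of
        /// the same name in any area is exempt as well; confirm that is intended.
        /// </remarks>
        private static bool IsExemptFromAuthorization(string controller, string action)
        {
            // Sign-in and sign-out.
            if (NamesMatch(controller, "Account") &&
                (NamesMatch(action, "Login") || NamesMatch(action, "LogOff")))
            {
                return true;
            }

            // Landing page.
            if (NamesMatch(controller, "Home") && NamesMatch(action, "Index"))
            {
                return true;
            }

            // The page denied users are redirected to; checking it as well could
            // redirect a denied user back to it over and over.
            return NamesMatch(controller, "Default") && NamesMatch(action, "NotAuthorized");
        }

        /// <summary>
        /// Whole-name, culture-independent, case-insensitive comparison. ToLower()
        /// follows the current culture and Contains() matches substrings; neither is
        /// suitable for an access-control decision.
        /// </summary>
        private static bool NamesMatch(string actual, string expected)
        {
            return string.Equals(actual, expected, System.StringComparison.OrdinalIgnoreCase);
        }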