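/// <summary>
/// Decides whether the user stored in the session may access the resource,
/// by resolving the user's role from the database and comparing it with
/// <c>allowedRoles</c>.
/// </summary>
/// <param name="httpContext">
/// The request context supplied by the framework. This implementation reads
/// the session through <c>System.Web.HttpContext.Current</c> and does not use
/// this parameter.
/// </param>
/// <returns>
/// <c>true</c> when the first role found for the user is in
/// <c>allowedRoles</c>; <c>false</c> in every other case, including when no
/// session or no "CurrentUser" session entry exists.
/// </returns>
protected override bool AuthorizeCore(HttpContextBase httpContext)
{
    // Fail closed: a request without a session or without a logged-in user is
    // denied here instead of throwing a NullReferenceException on ToString().
    var context = System.Web.HttpContext.Current;
    if (context == null || context.Session == null)
    {
        return false;
    }

    // Get the current user.
    object sessionUser = context.Session["CurrentUser"];
    if (sessionUser == null)
    {
        return false;
    }

    string currentUser = sessionUser.ToString();

    // NOTE(review): as written, this format string contains no {0} placeholder,
    // so currentUser is not substituted into the query text; confirm the
    // intended statement. If the user name is meant to be part of the filter,
    // bind it as a SQL parameter rather than formatting it into the string;
    // a value that originates from login input must not become SQL text.
    var users = dbFamilyResult.ExecuteCommand(string.Format("select * from NewUsers where UserName='******'", currentUser), connString);
    if (users.Tables.Count == 0 || users.Tables[0].Rows.Count == 0)
    {
        return false;
    }

    var listOfUsers = users.Tables[0].DataTableToList<Register>();

    // NOTE(review): the two queries below are also assembled with string.Format.
    // The values come from database rows rather than from the request, but
    // parameterized commands would remove the dependency on their type.
    var userRoles = dbFamilyResult.ExecuteCommand(string.Format("select RoleId from UserRoleMapping where UserID={0}", listOfUsers.FirstOrDefault().UserId), connString);
    if (userRoles.Tables.Count == 0 || userRoles.Tables[0].Rows.Count == 0)
    {
        return false;
    }

    // Only the first mapping row is evaluated, and the query has no ORDER BY.
    // NOTE(review): for a user with several roles the row picked here is
    // presumably database-dependent; verify that one role per user is enforced.
    var listOfUserRoles = userRoles.Tables[0].DataTableToList<UserRoleMapping>();

    var roles = dbFamilyResult.ExecuteCommand(string.Format("select RoleName from Roles where RoleId={0}", listOfUserRoles.FirstOrDefault().RoleId), connString);
    if (roles.Tables.Count == 0 || roles.Tables[0].Rows.Count == 0)
    {
        return false;
    }

    var listOfRoles = roles.Tables[0].DataTableToList<Roles>();
    var roleName = listOfRoles.First().RoleName;

    // The resolved role is cached in the session before the check, so it is
    // stored even when the request itself is denied.
    context.Session["currentRole"] = roleName;

    return allowedRoles.Any(m => m == roleName);
}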