public override void OnAuthorization(AuthorizationContext filterContext) { base.OnAuthorization(filterContext); //kamus string moduleName = null; string actionName = null; //algoritma if (ModuleName != null) { if (ModuleName.GetType() != typeof(UserModule)) { throw new InvalidCastException(string.Format(ERR_MSG, typeof(UserModule).Name)); } } moduleName = ((UserModule)ModuleName).GetDescription(); if (ActionName != null) { if (ActionName.GetType() != typeof(UserAction)) { throw new InvalidCastException(string.Format(ERR_MSG, typeof(UserAction).Name)); } actionName = ((UserAction)ActionName).GetDescription(); } if (filterContext.HttpContext.Request.IsAuthenticated) { var user = filterContext.HttpContext.User as ApplicationPrincipal; bool hasAccess = true; if (!string.IsNullOrEmpty(moduleName) && !string.IsNullOrEmpty(actionName)) { hasAccess = user.Modules.Any(m => m.ModuleName == moduleName && m.ActionName == actionName); } else if (!string.IsNullOrEmpty(moduleName) && string.IsNullOrEmpty(actionName)) { hasAccess = user.Modules.Any(m => m.ModuleName == moduleName); } else { hasAccess = false; } if (!hasAccess) { filterContext.Result = new RedirectToRouteResult(new RouteValueDictionary(new { action = "Http401", controller = "Error", area = string.Empty, url = filterContext.HttpContext.Request.Url.OriginalString })); } } }