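/// <summary>
/// Decides whether the current principal may invoke the requested controller action,
/// using the role/permission rows cached under the "RolePermissions" key.
/// </summary>
/// <param name="actionContext">Context of the action being authorized.</param>
/// <returns>
/// The <c>IsVisible</c> flag of the first "ControllerAction" permission row whose name
/// matches "Controller.Action" and whose role the principal holds; <c>false</c> when there
/// is no principal, no permission data, or no matching row (deny by default).
/// </returns>
/// <exception cref="ArgumentNullException"><paramref name="actionContext"/> is null.</exception>
protected override bool IsAuthorized(HttpActionContext actionContext)
{
    if (actionContext == null)
    {
        throw new ArgumentNullException("actionContext");
    }

    // A request without a principal is denied explicitly instead of failing with a
    // NullReferenceException further down.
    var principal = actionContext.RequestContext.Principal;
    if (principal == null)
    {
        return false;
    }

    string controllerAction = actionContext.ActionDescriptor.ControllerDescriptor.ControllerName
        + "." + actionContext.ActionDescriptor.ActionName;

    MemoryCache memCache = MemoryCache.Default;
    List<SecurityFormControlConfigGridDTO> data =
        (List<SecurityFormControlConfigGridDTO>)memCache.Get("RolePermissions");

    if (data == null)
    {
        // Cache miss: load the permission rows for the configured application id.
        AdministrationController adminController = new AdministrationController(
            new SecurityControlService(new UnitOfWork()),
            new SecurityFormService(new UnitOfWork()),
            new SecurityFormControlService(new UnitOfWork()),
            new SecurityFormControlControlConfigService(new UnitOfWork()));

        data = adminController.GetSecurityActionConfig(
            Convert.ToInt32(ConfigurationManager.AppSettings["SecurityApplicationId"]));

        // NOTE(review): the entry lives for CacheRolePermissionDays days and nothing in this
        // method evicts it, so a revoked permission keeps being honoured until the entry
        // expires unless the code that edits permissions removes the key - confirm.
        memCache.Add(
            "RolePermissions",
            data,
            DateTimeOffset.UtcNow.AddDays(Convert.ToDouble(
                System.Web.Configuration.WebConfigurationManager.AppSettings["CacheRolePermissionDays"])));
    }

    if (data == null)
    {
        // No permission data could be loaded: fail closed.
        return false;
    }

    foreach (SecurityFormControlConfigGridDTO permission in data)
    {
        if (permission.SecurityControlDesc != "ControllerAction")
        {
            continue;
        }

        // Ordinal, case-insensitive and null-safe: the authorization decision must not
        // depend on the thread culture, and a row with a null name must not throw.
        if (!string.Equals(permission.SecurityFormControlName, controllerAction, StringComparison.OrdinalIgnoreCase))
        {
            continue;
        }

        if (principal.IsInRole(permission.RoleDescription))
        {
            // NOTE(review): the first matching role decides, so for a principal holding
            // several roles with conflicting IsVisible values the result depends on the
            // order of the cached rows - confirm whether deny-overrides is intended.
            return permission.IsVisible;
        }
    }

    return false;
}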