/// <summary>
/// Authorization filter entry point: rejects unauthenticated callers with 401, otherwise
/// resolves the caller's roles from the decrypted "key" claim and rejects the request with
/// 403 when <c>UserHasPermission</c> denies them.
/// </summary>
/// <param name="context">The filter context; stored in <c>Context</c> for the helper methods used below.</param>
public void OnAuthorization(AuthorizationFilterContext context)
{
    Context = context;

    // Guard clause: anonymous callers are rejected before any claim is read.
    if (!UserIsAuthentiacted())
    {
        RejectRequest("Not Authorized", 401);
        return;
    }

    try
    {
        var claimHelper = new ClaimHelper(CreateHttpContextAccessor());
        var databaseHelper = new DatabaseHelper(claimHelper, Logger, new SqlQueryHelper());

        // The "key" claim is carried encrypted and is decrypted before the role lookup.
        var key = AesEncrypter._instance.DecryptyData(claimHelper.GetValueFromClaim("key"));
        var audience = claimHelper.GetValueFromClaim("aud");

        // The audience claim selects which table the key is resolved against.
        IEnumerable<Roles> roles;
        if (IsUser(audience))
        {
            roles = databaseHelper.GetRolesFromUser(key);
        }
        else
        {
            roles = databaseHelper.GetRolesFromToken(key);
        }

        if (!UserHasPermission(roles))
        {
            RejectRequest("Permission denied", 403);
        }
    }
    catch (Exception error)
    {
        // Every failure on the path above (claim lookup, decryption, database access) is
        // reported as a server error rather than as an authorization failure.
        // NOTE(review): LogEventAsync is not awaited — this method is synchronous, so the
        // returned task is fire-and-forget and a logging failure would go unobserved.
        Logger.LogEventAsync(error, "error.json");
        RejectRequest("An unhandled Exception has occured", 500);
    }
}