protected override bool AuthorizeCore(HttpContextBase httpContext) { var authorized = base.AuthorizeCore(httpContext); if (!authorized) { // The user is not authenticated return(false); } EFDbContext context = new EFDbContext(); var permission = context.sp_GetUserPermission(httpContext.User.Identity.Name, contoller); return(permission > 0); }