/// <summary>
/// Decides whether the current request may proceed. Access is granted when the
/// filter allows anonymous callers, when the caller is logged in and no roles are
/// required, or when the logged-in caller holds one of <c>AllowedRoles</c>.
/// A denied request is short-circuited by assigning <c>filterContext.Result</c>.
/// </summary>
/// <param name="filterContext">
/// Authorization context for the request. It is only written to, and only on denial.
/// </param>
/// <remarks>
/// NOTE(review): the decision rests entirely on <c>Cookies.IsLoggedIn</c> and
/// <c>Cookies.CredentialId</c>. Confirm that both come from a server-validated
/// (signed or encrypted) authentication ticket, not from raw cookie values the
/// client can edit.
/// NOTE(review): the base implementation is not called, so anything it does is
/// skipped. The base class is not visible here. If it is the stock MVC
/// AuthorizeAttribute, confirm that output-cached responses cannot bypass this check.
/// </remarks>
public override void OnAuthorization(AuthorizationContext filterContext)
{
    bool isAuthorized;

    if (AllowAnonymous || (Cookies.IsLoggedIn && AllowedRoles.Length == 0))
    {
        // Open endpoint, or any authenticated user is sufficient.
        isAuthorized = true;
    }
    else if (!Cookies.IsLoggedIn)
    {
        // Not logged in, so access is denied by default.
        isAuthorized = false;
    }
    else
    {
        // The role lookup objects are rebuilt on every call and stored in instance fields.
        // NOTE(review): filter attribute instances may be reused across requests;
        // confirm that writing these fields per request is safe under concurrency.
        _iDCredential = new DCredential();
        _iDRole = new DRole();
        _iFCredential = new FCredential(_iDCredential);
        _iFRole = new FRole(_iDRole);

        isAuthorized = _iFRole.HasRole(Cookies.CredentialId, AllowedRoles);
    }

    if (isAuthorized)
    {
        return;
    }

    // Denied: redirect to the configured route if both parts are set, otherwise answer 401.
    bool hasRedirectTarget = !string.IsNullOrEmpty(RedirectController)
        && !string.IsNullOrEmpty(RedirectMethod);

    if (hasRedirectTarget)
    {
        var routeValues = new RouteValueDictionary(
            new { controller = RedirectController, action = RedirectMethod });
        filterContext.Result = new RedirectToRouteResult(routeValues);
    }
    else
    {
        filterContext.Result = new HttpUnauthorizedResult();
    }
}
/// <summary>
/// Returns whether the current caller may invoke the action. Access is granted when
/// the filter allows anonymous callers, when the caller is logged in and no roles are
/// required, or when the logged-in caller holds one of <c>AllowedRoles</c>.
/// </summary>
/// <param name="actionContext">
/// Action context supplied by the framework. This method does not read it; the
/// decision is taken from the <c>Claims</c> accessor.
/// </param>
/// <returns><c>true</c> when access is granted, otherwise <c>false</c>.</returns>
/// <remarks>
/// NOTE(review): confirm that <c>Claims.IsLoggedIn</c> and <c>Claims.CredentialId</c>
/// are populated only from a token or ticket whose signature and expiry were
/// validated earlier in the pipeline.
/// </remarks>
protected override bool IsAuthorized(HttpActionContext actionContext)
{
    if (AllowAnonymous || (Claims.IsLoggedIn && AllowedRoles.Length == 0))
    {
        // Open endpoint, or any authenticated caller is sufficient.
        return true;
    }

    if (Claims.IsLoggedIn)
    {
        // NOTE(review): _iFRole is not assigned in this method. It is presumably
        // initialised elsewhere (constructor?); confirm it cannot be null here.
        return _iFRole.HasRole(Claims.CredentialId, AllowedRoles);
    }

    // Not logged in and anonymous access is not allowed, so access is denied.
    return false;
}