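/// <summary>
/// Authorization filter entry point. Lets the request through only when the caller is
/// authenticated and is either a Pharmix admin or holds the permission key for the
/// requested page. Every other path sets <see cref="ForbidResult"/> (deny by default).
/// </summary>
/// <param name="context">
/// Filter context for the current request. Setting <c>context.Result</c> short-circuits
/// the pipeline; leaving it untouched allows the request to continue.
/// </param>
public void OnAuthorization(AuthorizationFilterContext context)
{
    // Fail closed: a missing identity, or one that is not a ClaimsIdentity, is treated as
    // unauthenticated instead of surfacing as an InvalidCastException/NullReferenceException.
    var userIdentity = context.HttpContext.User?.Identity as ClaimsIdentity;
    if (userIdentity == null || !userIdentity.IsAuthenticated)
    {
        // NOTE(review): unauthenticated callers receive Forbid rather than a challenge.
        // Kept as-is to preserve existing behaviour; confirm this is the intended response.
        context.Result = new ForbidResult();
        return;
    }

    // The user name is the only key used for both the admin check and the permission lookup,
    // so an authenticated identity without a name cannot be authorized for anything.
    var userName = userIdentity.Name;
    if (string.IsNullOrEmpty(userName))
    {
        context.Result = new ForbidResult();
        return;
    }

    // Admins bypass the per-page permission check entirely.
    // NOTE(review): this bypass is decided from the user name alone; it is only as strong as
    // the guarantee that the name is unique and comes from a trusted authentication handler.
    if (_userService.IsPharmixAdmin(userName))
    {
        return;
    }

    var permissionKeys = _moduleService.GetAvailablePermissionsByUserName(userName);
    string pageKey = ConstructPageKey(context);

    // permissionKeys is passed by ref, so the helper may replace or extend the set for this
    // page key; the membership test below must run on the value it leaves behind.
    GetRelaventPermissions(pageKey, ref permissionKeys);

    // A null permission set is treated the same as "no permissions": deny.
    if (permissionKeys == null || !permissionKeys.Contains(pageKey))
    {
        context.Result = new ForbidResult();
    }
}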