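/// <summary>
/// Authorizes the request only when at least one of the current user's roles
/// carries the configured claim (<c>claimType</c> / <c>claimValue</c>).
/// </summary>
/// <remarks>
/// The filter is deny-by-default: every path that does not positively confirm the
/// claim ends in <c>HandleUnauthorizedRequest</c> followed by a return. In MVC an
/// authorization filter that returns without setting a result lets the action run,
/// so no branch may fall through silently.
/// </remarks>
/// <param name="filterContext">Authorization context for the current request.</param>
/// <exception cref="ArgumentNullException"><paramref name="filterContext"/> is null.</exception>
public override void OnAuthorization(AuthorizationContext filterContext)
{
    if (filterContext == null)
    {
        throw new ArgumentNullException("filterContext");
    }

    var user = filterContext.HttpContext.User;

    // No principal, or an anonymous one: deny and stop. Without the return,
    // execution would continue and dereference a null user.
    if (user == null || user.Identity == null || !user.Identity.IsAuthenticated)
    {
        base.HandleUnauthorizedRequest(filterContext);
        return;
    }

    string userId = user.Identity.GetUserId();

    List<string> userRoles;
    try
    {
        userRoles = userManager.GetRoles(userId).ToList();
    }
    catch (Exception)
    {
        // Role lookup failed (for example an unknown user id): fail closed and stop.
        // NOTE(review): this also hides store/infrastructure failures; consider
        // logging the exception so outages are not mistaken for denied access.
        base.HandleUnauthorizedRequest(filterContext);
        return;
    }

    foreach (var roleName in userRoles)
    {
        IdentityResult claimCheck = roleManager.HasClaim(roleName, claimType, claimValue);

        // Test Succeeded instead of reference equality with IdentityResult.Success,
        // so the decision does not depend on HasClaim returning that exact instance.
        if (claimCheck != null && claimCheck.Succeeded)
        {
            // Claim confirmed; the base class still applies its own checks.
            base.OnAuthorization(filterContext);
            return;
        }
    }

    // No role carries the claim (or the user has no roles): deny.
    base.HandleUnauthorizedRequest(filterContext);
}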