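/// <summary>
/// Authorization filter step for controller actions: when the current principal carries a
/// role claim, asks <c>_appPer.CheckAdminPagePermission</c> whether that role value may reach
/// the requested area/controller/action and short-circuits with <see cref="ForbidResult"/>
/// when it may not.
/// </summary>
/// <param name="context">
/// Filter context for the current request. On a denied request its <c>Result</c> is set to a
/// <see cref="ForbidResult"/>; on a request granted by the permission check the controller
/// name and area are stored in <c>HttpContext.Items</c> under <c>HttpContextKey.PageName</c>
/// and <c>HttpContextKey.UserArea</c>.
/// </param>
/// <returns>A task that completes once the authorization decision has been recorded.</returns>
public async Task OnAuthorizationAsync(AuthorizationFilterContext context)
{
    // FindFirst yields only the first role claim on the principal; any further role claims
    // are not consulted here.
    // NOTE(review): confirm the claim value carries everything CheckAdminPagePermission needs.
    var roleClaim = context.HttpContext.User.FindFirst(ClaimTypes.Role)?.Value;
    if (roleClaim == null)
    {
        // NOTE(review): with no role claim this filter makes no decision and the request
        // continues. Rejecting anonymous or role-less principals therefore has to happen in
        // another filter or policy; verify that one is registered for every protected route.
        return;
    }

    var action = context.ActionDescriptor as ControllerActionDescriptor;
    if (action == null)
    {
        // Not a controller action, so there is no area/controller/action triple to check.
        // Deny explicitly instead of dereferencing null: the request fails closed with a
        // clean 403 rather than an unhandled NullReferenceException.
        context.Result = new ForbidResult();
        return;
    }

    // A controller without [Area], or an [Area] with a null route value, is treated as the
    // empty area. The attribute is looked up once rather than twice.
    var areaName = action.ControllerTypeInfo.GetCustomAttribute<AreaAttribute>()?.RouteValue
                   ?? string.Empty;

    // Actions named "error" (any casing) are always allowed so the error page can render.
    // Ordinal comparison keeps this exemption independent of the server's current culture.
    // NOTE(review): the exemption matches on the action name alone, so an action called
    // "Error" on ANY controller or area skips the permission check; make sure no such action
    // exposes protected data.
    if (string.Equals(action.ActionName, "error", StringComparison.OrdinalIgnoreCase))
    {
        return;
    }

    var hasPermission = await _appPer.CheckAdminPagePermission(
        areaName,
        action.ControllerName,
        action.ActionName,
        roleClaim);

    if (!hasPermission)
    {
        context.Result = new ForbidResult();
        return;
    }

    // Recorded only for requests granted by the permission check (not for the "error"
    // exemption above), matching the original behaviour.
    context.HttpContext.Items[HttpContextKey.PageName] = action.ControllerName;
    context.HttpContext.Items[HttpContextKey.UserArea] = areaName;
}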