protected override bool AuthorizeCore(HttpContextBase httpContext) { if (httpContext == null) { throw new ArgumentNullException("httpContext"); } System.Security.Claims.ClaimsPrincipal user = (System.Security.Claims.ClaimsPrincipal)httpContext.User; if (!user.Identity.IsAuthenticated) { return(false); } if (user.IsInAnyRole("Admin")) { return(true); } return(false); }