public override void OnAuthorization(AuthorizationContext filterContext)
        {
            var user = filterContext.HttpContext.User;

            if (user == null)
            {
                base.HandleUnauthorizedRequest(filterContext); // user not log in
            }
            string userId = user.Identity.GetUserId();

            List <string> userRoles = new List <string>();

            try
            {
                userRoles = userManager.GetRoles(userId).ToList();
            }
            catch (Exception)
            {
                base.HandleUnauthorizedRequest(filterContext); // wrong user id
            }

            IdentityResult result = new IdentityResult();

            foreach (var userrole in userRoles)
            {
                result = roleManager.HasClaim(userrole, claimType, claimValue);
                if (result == IdentityResult.Success)
                {
                    base.OnAuthorization(filterContext);
                    return;
                }
            }

            if (!result.Succeeded)
            {
                base.HandleUnauthorizedRequest(filterContext);// user not have this claim
            }
        }