/// <summary>
/// When overridden, provides an entry point for custom authorization checks.
/// </summary>
/// <param name="httpContext">The HTTP context, which encapsulates all HTTP-specific information about an individual HTTP request.</param>
/// <returns>
/// true if the user is authorized; otherwise, false.
/// </returns>
/// <exception cref="System.ArgumentNullException">if httpContext is null.</exception>
protected override bool AuthorizeCore(HttpContextBase httpContext)
{
if (httpContext == null)
{
throw new ArgumentNullException("httpContext");
}
var container = PerWebRequestContainerProvider.GetLifetimeScope(httpContext);
if (container != null && container.IsRegistered <ISecurityService>())
{
var security = container.Resolve <ISecurityService>();
return(security.IsAuthorized(httpContext.User, Roles));
}
return(base.AuthorizeCore(httpContext));
}
