public void OnAuthorization(AuthorizationFilterContext context) { var user = context.HttpContext.User; if (!user.IsInRole(Role.Client)) { context.Result = AppResponse.Forbidden("Forbid Result"); // context.Result = new ForbidResult(); } }