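/// <summary>
/// Decides whether the current request may reach the target action.
/// The request passes untouched when the action's filter set does not contain
/// <see cref="RequestAuthorizeAttribute"/>, or when the query string carries a
/// <c>token</c> that <c>TokenLogin.ValidateToken</c> accepts. Otherwise the current
/// user must be authenticated and, for controllers not listed in
/// <c>RequestPermissionProvider.LoginRequired</c>, must also hold the permission for
/// the controller/action pair. Every denial goes through <c>HandleUnauthorizedRequest</c>.
/// </summary>
/// <param name="filterContext">Authorization context of the request being processed.</param>
public void OnAuthorization(AuthorizationContext filterContext)
{
    RouteData routeData = filterContext.RouteData;
    string controller = routeData.GetRequiredString("controller");
    string action = routeData.GetRequiredString("action");

    // Anonymous access: skip every check when RequestAuthorizeAttribute is not among
    // the filters that apply to this action.
    // NOTE(review): the comparison is on the exact runtime type, so a filter class
    // derived from RequestAuthorizeAttribute does not match and the request is let
    // through; confirm no such subclass exists.
    var filters = FilterProviders.Providers.GetFilters(
        filterContext.Controller.ControllerContext,
        filterContext.ActionDescriptor);
    if (!filters.Select(filter => filter.Instance.GetType()).Contains(typeof(RequestAuthorizeAttribute)))
    {
        return;
    }

    // Login by token.
    // NOTE(review): the token is read from the query string, so it can be recorded in
    // server and proxy logs, browser history and Referer headers. Prefer a request
    // header or POST body, and keep tokens short-lived.
    string token = filterContext.RequestContext.HttpContext.Request.QueryString.Get("token");
    if (token != null)
    {
        if (TokenLogin.ValidateToken(token))
        {
            // NOTE(review): a valid token returns before CurrentUser.HasPermission is
            // consulted, so it is accepted for every action this filter guards unless
            // ValidateToken scopes it itself; confirm. SetLanguages() is also skipped
            // on this path; verify that is intended.
            return;
        }

        // A presented-but-rejected token is a final decision: deny here instead of
        // continuing into the session checks, which could invoke
        // HandleUnauthorizedRequest a second time for the same request.
        HandleUnauthorizedRequest(filterContext);
        SetLanguages();
        return;
    }

    // Normal request: authentication is always required; the per-action permission
    // is required only for controllers outside the login-only list.
    bool loginOnly = RequestPermissionProvider.LoginRequired.Contains(controller);
    if (!CurrentUser.IsAuthenticated)
    {
        HandleUnauthorizedRequest(filterContext);
    }
    else if (!loginOnly
        && !CurrentUser.HasPermission(controller, action)
        // NOTE(review): actions for which CheckActionIsAjaxOnly returns true are exempt
        // from the permission check for any authenticated user. An "AJAX-only" marker
        // restricts how an action is called, not who may call it; confirm these
        // actions expose nothing that needs a permission.
        && !MvcHelper.CheckActionIsAjaxOnly(controller, action))
    {
        HandleUnauthorizedRequest(filterContext);
    }

    SetLanguages();
}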