protected override bool AuthorizeCore(HttpContextBase httpContext) { if (WebAccountRoles == null || WebAccountRoles.Length == 0) { return(true); } var currentRoles = AbstractController.GetRoles(httpContext); foreach (var item in WebAccountRoles) { if (!currentRoles.Contains(item)) { return(false); } } return(true); }