public void OnAuthorization(AuthorizationContext filterContext) { if (filterContext.HttpContext.Session != null) { var user = filterContext.HttpContext.Session["user"]?.ToString(); if (!string.IsNullOrWhiteSpace(user)) { return; } var cookie = filterContext.HttpContext.Response.Cookies?["user"]; if (string.IsNullOrEmpty(cookie?.Value)) { throw new UnauthorizedAccessException(); } var content = cookie?.Value.DecryptQueryString(); CourseMangarEntities db = new CourseMangarEntities(); if (db.Users.Any(u => u.Account == content)) { throw new UnauthorizedException(); } } }