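/// <summary>
/// Validates the password supplied with the request before the action runs.
/// The account to check is looked up by the unique id in the request field named
/// by <c>UniqueIdFieldName</c> when that field parses as a GUID; otherwise the
/// currently authenticated principal's account is used.
/// </summary>
/// <param name="filterContext">Context of the action about to execute.</param>
/// <exception cref="InvalidPasswordException">
/// Thrown when no password is supplied, when no account can be resolved, or when
/// the password does not match the resolved account.
/// </exception>
public override void OnActionExecuting(ActionExecutingContext filterContext)
{
    var pass = ExtractPasswordFromRequest(filterContext);
    if (string.IsNullOrWhiteSpace(pass))
    {
        throw new InvalidPasswordException("Password field not found");
    }

    var httpContext = filterContext.RequestContext.HttpContext;
    MembershipUser mu = null;
    Guid uniqueId;

    if (!string.IsNullOrEmpty(UniqueIdFieldName)
        && Guid.TryParse(httpContext.Request[UniqueIdFieldName], out uniqueId))
    {
        // Request[...] is the combined lookup (query string, form, cookies, server
        // variables), so the id is entirely caller-controlled: this branch checks the
        // password of whichever account the request names, not necessarily the
        // signed-in principal.
        // NOTE(review): confirm every action using this filter intends that.
        using (var db = new ccEntities())
        {
            mu = db.MembershipUsers.SingleOrDefault(f => f.User.UniqueId == uniqueId);
        }
    }
    else if (httpContext.User != null && httpContext.User.Identity.IsAuthenticated)
    {
        var username = httpContext.User.Identity.Name;
        using (var db = new ccEntities())
        {
            // SingleOrDefault (not Single): an authenticated name with no membership
            // row must fail closed with InvalidPasswordException, like the id branch,
            // instead of surfacing an InvalidOperationException.
            mu = db.MembershipUsers.SingleOrDefault(f => f.User.UserName == username);
        }
    }

    // NOTE(review): mu is used after its context has been disposed; this assumes
    // ValidatePassword does not touch lazy-loaded navigation properties. TODO confirm.
    // NOTE(review): no attempt throttling or lockout is visible in this method; confirm
    // ValidatePassword or a layer above enforces it.
    // An unknown account and a wrong password raise the same exception, so the response
    // does not reveal which of the two occurred.
    if (mu == null || !mu.ValidatePassword(pass))
    {
        throw new InvalidPasswordException();
    }
}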