protected override bool AuthorizeCore(HttpContextBase httpContext) { var isAuthorized = base.AuthorizeCore(httpContext) && httpContext.User.Identity.IsAuthenticated; if (!isAuthorized) { return(false); } var userPermissions = RolesManager.GetUserPermissions(httpContext.User.Identity.Name.ToString()); if (userPermissions != null) { string permissions = string.Join("", userPermissions); return(permissions.Contains(this.AccessLevel)); } return(false); }