public void OnAuthorization(AuthorizationContext ac) { bool isAuthOK = false; StaffService staffService = new StaffService(); if (ac.HttpContext.Session["sessionId"] != null) { string sessionId = ac.HttpContext.Session["sessionId"].ToString(); StaffEF staff = staffService.FindStaffBySessionId(sessionId); if (staff != null) { isAuthOK = true; } } if (!isAuthOK) { ac.Result = new RedirectToRouteResult( new RouteValueDictionary { { "controller", "Login" }, { "action", "Index" } }); } }