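/// <summary>
/// Decides whether the current user may access the site named by the "site" route value.
/// </summary>
/// <remarks>
/// Access is granted only when the user name passes
/// <c>AccountMembershipService.IsValidUser</c>, a <c>Person</c> record exists for that
/// user name, and that person is linked to the requested site. Every other outcome,
/// including a missing user name, a missing person record or a missing route value,
/// denies access instead of throwing.
/// Returning <c>false</c> leaves the response to the attribute's
/// <c>HandleUnauthorizedRequest</c>; a distinct 403 for signed-in users without site
/// access would be produced there, not in this method.
/// </remarks>
/// <param name="httpContext">The HTTP context of the request being authorized.</param>
/// <returns>
/// <c>true</c> if the user is valid and associated with the requested site; otherwise <c>false</c>.
/// </returns>
/// <exception cref="System.ArgumentNullException"><paramref name="httpContext"/> is null.</exception>
protected override bool AuthorizeCore(System.Web.HttpContextBase httpContext)
{
    if (httpContext == null)
    {
        throw new System.ArgumentNullException("httpContext");
    }

    // No principal or no user name means there is nobody to authorize: deny.
    var principal = httpContext.User;
    if (principal == null || principal.Identity == null || string.IsNullOrEmpty(principal.Identity.Name))
    {
        return false;
    }

    // Load the user and make sure they are valid.
    var userName = principal.Identity.Name;
    var membership = new AccountMembershipService();
    if (!membership.IsValidUser(userName))
    {
        return false;
    }

    // The site id comes from the URL, so it is caller-controlled input. A missing or
    // non-string value cannot match any site and is denied without touching the repository.
    var siteId = httpContext.Request.RequestContext.RouteData.Values["site"] as string;
    if (string.IsNullOrEmpty(siteId))
    {
        return false;
    }

    // Lower-case once, outside the query and with the invariant culture, so the lookup
    // does not depend on the culture of the request thread.
    var loweredUserName = userName.ToLowerInvariant();

    var personRepository = SmartServiceLocator<IRepositoryWithTypedId<Person, string>>.GetService();

    // FirstOrDefault rather than First: a valid login without a Person record is an
    // authorization failure, not an unhandled exception.
    var person = personRepository.Queryable.FirstOrDefault(a => a.User.LoweredUserName == loweredUserName);
    if (person == null || person.Sites == null)
    {
        return false;
    }

    // Exact match on the site id; the user must be linked to this specific site.
    return person.Sites.Any(a => a.Id == siteId);
}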