/// <summary> /// Avoids risking things like AmbiguousMatchException, by accessing the controller and action descriptors. /// </summary> internal IEnumerable<AuthorizeAttribute> GetAuthorizeAttributes(ControllerBase controller, string actionName) { ControllerDescriptor controllerDescriptor = new ReflectedControllerDescriptor(controller.GetType()); ActionDescriptor actionDescriptor = controllerDescriptor.FindAction(controller.ControllerContext, actionName); if (actionDescriptor == null) { // if we can't find a matching action descriptor, we just issue a warning log and trim the action from the site map. log.Warn(Exceptions.MiniAclModule_ActionDescriptorNotFound.FormatWith(controllerDescriptor.ControllerName, actionName)); return new AuthorizeAttribute[] { new UnauthorizedAttribute() }; } IEnumerable<AuthorizeAttribute> controllerAttributes = controllerDescriptor.GetAttributes<AuthorizeAttribute>(); IEnumerable<AuthorizeAttribute> actionAttributes = actionDescriptor.GetAttributes<AuthorizeAttribute>(); return controllerAttributes.Concat(actionAttributes); }