public void authorize(object sender, EventArgs e) { HttpApplication application = (HttpApplication)sender; if (existValidUser()) { using (SecurityDAO secDAO = new SecurityDAO()) { Menu menu = secDAO.GetMenuByPath(getVirtualPathAsLowerCase(application)); if (menu != null) { foreach (Role menuRole in secDAO.GetRolesFor(menu)) { if (!userIsInRole(application, menuRole)) { throw new HttpException(401, "UnAuthorized access to " + application.Request.Path); } } } } } }