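/// <summary>
/// Authorizes the current request against the <c>Users</c> and <c>Roles</c> lists declared on
/// the attribute, falling back to the comma-separated lists stored in appSettings under
/// <c>UsersConfigKey</c> / <c>RolesConfigKey</c> when a property is empty.
/// Unauthenticated requests are handed to the base implementation (which issues the login
/// redirect); authenticated requests that fail the role or user check are redirected to
/// Error/AccessDenied. When both lists are empty, any authenticated user is allowed.
/// </summary>
/// <param name="filterContext">The MVC authorization context; <c>Result</c> is set to short-circuit the action.</param>
public override void OnAuthorization(AuthorizationContext filterContext)
{
    if (!filterContext.HttpContext.Request.IsAuthenticated)
    {
        // Fail closed. Previously nothing was written to Result here, so an anonymous
        // request fell straight through to the action. The base attribute produces the
        // unauthorized result / login redirect the commented-out calls referred to.
        base.OnAuthorization(filterContext);
        return;
    }

    // Config fallback only when the attribute was declared without explicit lists.
    // NOTE(review): this writes back to the attribute instance (which MVC typically caches
    // per action); kept as in the original so callers reading Users/Roles see the same values.
    if (String.IsNullOrEmpty(Users))
    {
        Users = ConfigurationManager.AppSettings[UsersConfigKey];
    }
    if (String.IsNullOrEmpty(Roles))
    {
        Roles = ConfigurationManager.AppSettings[RolesConfigKey];
    }

    if (!String.IsNullOrEmpty(Roles) && !IsInAnyRole(Roles))
    {
        filterContext.Result = AccessDenied();
        return;
    }

    if (!String.IsNullOrEmpty(Users) && !IsListedUser(Users))
    {
        filterContext.Result = AccessDenied();
    }
}

/// <summary>
/// Splits a comma-separated list into trimmed entries; empty segments are dropped.
/// </summary>
/// <param name="list">The raw comma-separated value (attribute property or appSettings).</param>
/// <returns>The trimmed entries; may still contain empty strings for whitespace-only segments.</returns>
private static string[] SplitList(string list)
{
    var parts = list.Split(new[] { ',' }, StringSplitOptions.RemoveEmptyEntries);
    for (var i = 0; i < parts.Length; i++)
    {
        parts[i] = parts[i].Trim();
    }
    return parts;
}

/// <summary>
/// Returns true when the current user holds at least one of the listed roles.
/// </summary>
/// <param name="roles">Comma-separated role names.</param>
private bool IsInAnyRole(string roles)
{
    // Roles follows the AuthorizeAttribute convention of a comma-separated list, while
    // IsInRole takes a single role name. The original passed the whole list in one call,
    // which can only match a role literally named e.g. "Admin,Editor".
    // (If CurrentUser.IsInRole already expands such lists this is equivalent — TODO confirm.)
    foreach (var role in SplitList(roles))
    {
        if (role.Length > 0 && CurrentUser.IsInRole(role))
        {
            return true;
        }
    }
    return false;
}

/// <summary>
/// Returns true when the current user's id appears, as a whole entry, in the listed ids.
/// </summary>
/// <param name="users">Comma-separated user ids.</param>
private bool IsListedUser(string users)
{
    // Exact, ordinal match per entry. The previous Users.Contains(id) was a substring test,
    // so id "1" was accepted whenever the list held "11", "21", "100", etc.
    var currentId = CurrentUser.UserId.ToString();
    foreach (var listedId in SplitList(users))
    {
        if (String.Equals(listedId, currentId, StringComparison.Ordinal))
        {
            return true;
        }
    }
    return false;
}

/// <summary>
/// Builds the redirect used for every denied-but-authenticated request.
/// </summary>
private static RedirectToRouteResult AccessDenied()
{
    return new RedirectToRouteResult(
        new RouteValueDictionary(new { controller = "Error", action = "AccessDenied" }));
}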