public override void Execute(IRequest req, IResponse res, object requestDto)
{
base.Execute(req, res, requestDto); //first check if session is authenticated
if (res.IsClosed) return; //AuthenticateAttribute already closed the request (ie auth failed)
var session = req.GetSession();
if (HasAnyPermissions(req, session)) return;
if (DoHtmlRedirectIfConfigured(req, res)) return;
res.StatusCode = (int)HttpStatusCode.Forbidden;
res.StatusDescription = "Invalid Permission";
res.EndRequest();
}