/// <summary>
/// Role-authorization filter: lets the request continue only when the caller presents a
/// valid auth secret, holds the Admin role, or passes <c>HasAllRoles</c>. Every other
/// request is either redirected (when an HTML redirect is configured) or ended with
/// 403 Forbidden.
/// </summary>
/// <param name="req">The incoming request; used to check the auth secret and to resolve the session.</param>
/// <param name="res">The response; closed by this filter when access is denied.</param>
/// <param name="requestDto">The request DTO, passed through unchanged to the base filter.</param>
public override void Execute(IRequest req, IResponse res, object requestDto)
{
    // A valid auth secret returns before authentication and before any role check, so the
    // secret is equivalent to an unrestricted credential for every service this filter guards.
    if (HostContext.AppHost.HasValidAuthSecret(req))
    {
        return;
    }

    // Authentication runs first: the base filter checks that the session is authenticated.
    base.Execute(req, res, requestDto);
    if (res.IsClosed)
    {
        // The base AuthenticateAttribute already closed the request (i.e. authentication failed).
        return;
    }

    var userSession = req.GetSession();

    // Admin short-circuits the role check: a session holding RoleNames.Admin passes
    // without HasAllRoles being consulted.
    var isAdmin = userSession != null && userSession.HasRole(RoleNames.Admin);
    if (isAdmin || HasAllRoles(req, userSession))
    {
        return;
    }

    // NOTE(review): HasAllRoles receives the session even when it is null; its null handling
    // is defined outside this block — confirm it denies rather than throws.

    // Presumably issues a redirect for HTML clients when one is configured; a true result
    // means the response has been dealt with, so no 403 is written here.
    if (DoHtmlRedirectIfConfigured(req, res))
    {
        return;
    }

    // Fail closed: nothing above granted access, so reject and end the request here.
    res.StatusCode = (int)HttpStatusCode.Forbidden;
    res.StatusDescription = "Invalid Role";
    res.EndRequest();
}