Fun with MVC Action Filters

Today while working in an MVC web application I ran into a scenario where I needed to authorize access based on an internally developed authorization system.

At first I thought about overriding the OnAuthorization() method in the controller which I’ve done in the past, but then I realized that the permissions could be different based on the action which is invoked on the controller. Because of this, something on the controller level may have been too restrictive, Continue reading