EnVisageOnline/Main-RMO/Source/EnVisage/Code/Security/SecurityAttribute.cs


using System;
using System.Web;
using System.Web.Helpers;
using System.Web.Mvc;
namespace EnVisage.Code
{
/// <summary>
/// Authorization filter that requires both the standard
/// <see cref="AuthorizeAttribute"/> checks and a specific access level on
/// an application area.
/// </summary>
/// <remarks>
/// The permission decision itself is delegated to
/// <c>SecurityManager.CheckSecurityObjectPermission</c>. The HTTP context is
/// not passed to it, so it presumably resolves the current user on its own;
/// verify against SecurityManager.
/// NOTE(review): ASP.NET MVC can also call <c>AuthorizeCore</c> from the
/// output-cache validation path, so the permission check should not depend
/// on per-request state kept on this attribute instance.
/// </remarks>
public class AreaSecurityAttribute : AuthorizeAttribute
{
    /// <summary>Area whose permission is checked.</summary>
    public Areas area { get; set; }

    /// <summary>Access level required on <see cref="area"/>.</summary>
    public AccessLevel level { get; set; }

    /// <summary>
    /// Grants access only when the base authorization succeeds and the
    /// area/level permission check succeeds.
    /// </summary>
    /// <param name="httpContext">Context of the current request; used only by the base check.</param>
    /// <returns><c>true</c> when both checks pass; otherwise <c>false</c>.</returns>
    protected override bool AuthorizeCore(HttpContextBase httpContext)
    {
        // Short-circuit: the permission lookup is never reached when the
        // base check (authentication, Users/Roles) has already failed.
        return base.AuthorizeCore(httpContext)
            && SecurityManager.CheckSecurityObjectPermission(area, level);
    }
}
/// <summary>
/// Anti-forgery (CSRF) filter for JSON/AJAX requests: validates the
/// anti-forgery cookie against a token sent in a request header instead of
/// a form field.
/// </summary>
/// <remarks>
/// Security notes for callers:
/// the token is read only from the <c>__RequestVerificationToken</c> request
/// header, so a token posted as a form field is ignored by this filter.
/// There is no HTTP-verb check here, so validation runs for every request
/// that reaches a decorated action or controller.
/// A failed validation is reported by <c>AntiForgery.Validate</c> throwing
/// (HttpAntiForgeryException in ASP.NET MVC). This filter neither catches it
/// nor sets <c>filterContext.Result</c>, so the response returned to the
/// client is determined by the application's error handling.
/// </remarks>
[AttributeUsage(AttributeTargets.Method | AttributeTargets.Class, AllowMultiple = false, Inherited = true)]
public class ValidateJsonAntiForgeryTokenAttribute : FilterAttribute, IAuthorizationFilter
{
    // Request header that carries the anti-forgery token.
    private const string TokenHeaderName = "__RequestVerificationToken";

    /// <summary>
    /// Validates the anti-forgery cookie/header pair of the current request.
    /// </summary>
    /// <param name="filterContext">Authorization context of the current request.</param>
    /// <exception cref="ArgumentNullException">
    /// <paramref name="filterContext"/> is <c>null</c>.
    /// </exception>
    public void OnAuthorization(AuthorizationContext filterContext)
    {
        if (filterContext == null)
        {
            throw new ArgumentNullException("filterContext");
        }

        HttpRequestBase request = filterContext.HttpContext.Request;

        // A missing cookie is passed on as null, so the decision to reject
        // stays with AntiForgery.Validate rather than this filter.
        HttpCookie tokenCookie = request.Cookies[AntiForgeryConfig.CookieName];
        string cookieToken = null;
        if (tokenCookie != null)
        {
            cookieToken = tokenCookie.Value;
        }

        string headerToken = request.Headers[TokenHeaderName];
        AntiForgery.Validate(cookieToken, headerToken);
    }
}
}