public void OnAuthorization(AuthorizationContext filterContext)
{
var skipAutherization = filterContext.ActionDescriptor.IsDefined(typeof(AllowAnonymousAttribute), true) || filterContext.ActionDescriptor.ControllerDescriptor.IsDefined(typeof(AllowAnonymousAttribute), true);
if (!skipAutherization)
{
if (SessionManagement.UserID == Guid.Empty)
{
filterContext.Result = new RedirectToRouteResult(new RouteValueDictionary(new { Controller = "Account", Action = "Login" }));
}
}
}
Using above code we can restrict/authenticate the particular actions and controllers