I've been trying to think this answer through and can't find a good solution on how to properly do this.
I've read over these articles:
h
I had a somewhat similar problem and I did not use the Authorize attribute.
Instead I decided to extend the Controller class and override the implementation of OnActionExecuting. In my implementation I could then perform all checks, like which department the user belonged to and whether he is good enough to see the data of other departments. See if this approach works for you.
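One way the approach in this answer could look, as an added example that is not the answerer's code. It assumes ASP.NET MVC 5 (System.Web.Mvc) and claims-based identity; the class name, the "department" claim, the "departmentId" action parameter and the "CrossDepartmentViewer" role are hypothetical.

```csharp
using System;
using System.Globalization;
using System.Net;
using System.Security.Claims;
using System.Web.Mvc;

// Hypothetical base controller for actions that serve department-scoped data.
// [Authorize] stays in place for authentication: authorization filters run
// before OnActionExecuting, so anonymous requests never reach the check below.
[Authorize]
public abstract class DepartmentScopedController : Controller
{
    protected override void OnActionExecuting(ActionExecutingContext filterContext)
    {
        if (!IsAllowed(filterContext))
        {
            // Setting Result short-circuits the pipeline: the action body never runs.
            filterContext.Result = new HttpStatusCodeResult(HttpStatusCode.Forbidden);
            return;
        }
        base.OnActionExecuting(filterContext);
    }

    private static bool IsAllowed(ActionExecutingContext ctx)
    {
        var user = ctx.HttpContext.User as ClaimsPrincipal;
        if (user == null || user.Identity == null || !user.Identity.IsAuthenticated)
            return false;

        // The requested department is read from the bound action parameter
        // (assumed name "departmentId"). Actions without it are denied, so a
        // new action cannot skip the check by accident (fail closed).
        object requested;
        if (!ctx.ActionParameters.TryGetValue("departmentId", out requested) || requested == null)
            return false;

        // Assumed role for users who may see other departments' data.
        if (user.IsInRole("CrossDepartmentViewer"))
            return true;

        // Otherwise the user's own department (assumed claim type) must match exactly.
        Claim own = user.FindFirst("department");
        string wanted = Convert.ToString(requested, CultureInfo.InvariantCulture);
        return own != null && string.Equals(own.Value, wanted, StringComparison.Ordinal);
    }
}
```

Controllers that expose department data derive from this class; the check compares the identifier supplied in the request against server-side identity data, never against another request value.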