See this answer: Custom Authorization MVC 3 and Ninject IoC
If you want to use constructor injection then you need to create an attribute and a filter.
/// Marker attribute
public class MyAuthorizeAttribute : FilterAttribute { }
/// Filter
public class MyAuthorizeFilter : IAuthorizationFilter
{
private readonly IUserService _userService;
public MyAuthorizeFilter(IUserService userService)
{
_userService = userService;
}
public void OnAuthorization(AuthorizationContext filterContext)
{
var validUser = _userService.CheckIsValid();
if (!validUser)
{
filterContext.Result = new RedirectToRouteResult(new RouteValueDictionary { { "action", "AccessDenied" }, { "controller", "Error" } });
}
}
}
Binding:
this.BindFilter<MyAuthorizeFilter>(System.Web.Mvc.FilterScope.Controller, 0).WhenControllerHas<MyAuthorizeAttribute>();
Controller:
[MyAuthorizeAttribute]
public class YourController : Controller
{
// ...
}