In MVC we decorate actions using AuthorizeAttribute. When a given user is not authorized for a particular action it calls HandleUnauthorizedRequest method. I have overridden this method in my custom class called
CustomAuthorizeAttribute that inherits from
AuthorizeAttribute. With in the scope of my overridden
HandleUnauthorizedRequest method how do I get all the roles that current user is not part of which made him/her unauthorized? For example if I decorate my action as
[CustomAuthorize(Roles = "AreaUser")] and I come to my
HandleUnauthorizedRequest I would like to know that the user is not part of "AreaUser" so that I can display that on a redirected permission denied page.