i got my code working with below thing(although have some question which i'll post as other question):-
public override void OnAuthorization(AuthorizationContext filterContext)
{
// if action or its controller has AllowAnonymousAttribute do nothing
if (filterContext.ActionDescriptor.IsDefined(typeof(AllowAnonymousAttribute), true) ||
filterContext.ActionDescriptor.ControllerDescriptor.IsDefined(typeof(AllowAnonymousAttribute), true))
return;
bool isAuthorize = base.AuthorizeCore(filterContext.HttpContext);
if (!isAuthorize==true)
{
var result = new ViewResult();
result.ViewName = "../Error/Unauthorized";
filterContext.Result = result;
return;
}
}
Actually instead of redirecting user here, i simply check whether he's an authorized user or not.