MVC5 Claims version of the Authorize attribute

Question

I\'m trying out some of the new stuff in VS2013 RC with MVC5 and the new OWIN authentication middleware.

So, I\'m used to using the [Authorize] attribut

Answer 1

1. You wouldn't check for claims specifically, but rather for action/resource pairs. Factor out the actual claims / data checks into an authorization manager. Separation of concerns.
2. MVC and ClaimsPrincipalPermission is not a good match. It throws a SecurityException and is not unit testing friendly.

My version is here: http://leastprivilege.com/2012/10/26/using-claims-based-authorization-in-mvc-and-web-api/