Example ASP.NET MVC Authorize Attribute in dotnet core.

//
// Core/Attributes/AuthorizeAttribute.cs
// 

using SecurityEssentials.Core.Identity;
using Serilog;
using System;
using System.Linq;
using System.Web.Mvc;

namespace SecurityEssentials.Core.Attributes
{
    public class SeAuthorizeAttribute : AuthorizeAttribute
    {
        private readonly IUserIdentity _userIdentity;

        public SeAuthorizeAttribute()  : this(new UserIdentity())
        { }

        public SeAuthorizeAttribute(IUserIdentity userIdentity)
        {
            _userIdentity = userIdentity ?? throw new ArgumentNullException(nameof(userIdentity));
        }

        protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
        {
            string action = filterContext.ActionDescriptor.ActionName;
            string controller = filterContext.ActionDescriptor.ControllerDescriptor.ControllerName;
            Requester requester = _userIdentity.GetRequester(filterContext.Controller as Controller);
            if (!filterContext.HttpContext.User.Identity.IsAuthenticated)
            {
                // The user is not authenticated
                Log.Logger.Information("Failed access attempt on controller {controller} and action {action} which required authorization by requester {@requester}",
                                       controller, action, requester);
                base.HandleUnauthorizedRequest(filterContext);
            }
            else if (!Roles.Split(',').Any(filterContext.HttpContext.User.IsInRole))
            {
                // The user is not in any of the listed roles then log and show the unauthorized view
                Log.Logger.Information("Failed access attempt on controller {controller} and action {action} which required roles {roles} by requester {@requester}",
                                       controller, action, Roles, requester);
                filterContext.Result = new ViewResult
                {
                    ViewName = "~/Views/Error/Unauthorized.cshtml"
                };
            }
            else
            {
                base.HandleUnauthorizedRequest(filterContext);
            }
        }
    }
}