Hello,
the AuthorizeAttribute does for well initial authorization and authentication and for actions that return views, but it doesn't work for grid commands such as save. Well it actually prevent the saving process, but the routing to the error-action doesn't work properly, because the save-command doesn't expect a view to be returned.
Rather than redirecting I'd like to hide commands/toolbar-items based on the role a user has in our database, but so far I only found an option like this based on AD-roles. Is there any way for me to do this?