您可以巩固那种逻辑与自定义AuthorizationFilter。

You could consolidate that sort of logic with a custom AuthorizationFilter.

http://geekswithblogs.net/brians/archive/2010/07/08/implementing-a-custom-asp.net-mvc-authorization-filter.aspx