Where to perform controller initialization that relies on user being authenticated

I've found a bug in our application caused when the user's authentication ticket expires.

The controller is decorated with the Authorize attribute but we were doing some ini开发者_StackOverflowtialization of variables in the controller's constructor which relied on the user being authenticated.

So where would be the best place to move this initialization code to such that it is not executed if the user is not authenticated (and therefore they will be redirected to the login page)? OnAuthorization?

So where would be the best place to move this initialization code to such that it is not executed if the user is not authenticated

You could write a custom AuthorizeAttribute and perform it inside the AuthorizeCore method (after calling the base method and ensuring that it returned true).

Another possibility is to write a custom model binder to some model which will initialize it and then your controller actions could take this model as argument.