If you are developing a web application which requires authentication or security features not included in the regular ASP.NET membership feature, you might decide to implement these features yourself. But it seems as if the first instinct of many ASP.NET MVC developers is to do this by customizing their Controllers, because they've decided that AuthorizeAttribute can't possibly serve their needs. They will decide that the way to do this is to write some sort of parent Controller type which exam...