
@amokan
Created July 18, 2011 04:35
Example AuthorizeFilter and session model for checking the domain of a request
using System;
using System.Web;
using System.Web.Mvc;
using MvcTest.Models;
namespace MvcTest.Infrastructure.Filters
{
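/// <summary>
/// Authorization filter that resolves the tenant ("domain") a request belongs to
/// from the request host and caches the result in session state. A possible
/// approach for multi-tenant apps that let users "brand" their instance with a
/// custom domain.
/// </summary>
/// <remarks>
/// This override replaces <see cref="AuthorizeAttribute.AuthorizeCore"/> and does not
/// call the base implementation, so no user authentication or role check happens
/// here; the filter only decides whether the host maps to a known tenant. The host
/// comes from the request and is client-influenced, so treat it strictly as a lookup
/// key against server-side tenant records, never as proof of tenancy on its own.
/// </remarks>
public class DomainAuthorize : AuthorizeAttribute
{
    /// <summary>
    /// Resolves the tenant for the current request and reports whether one was found.
    /// </summary>
    /// <param name="httpContext">The context of the request being authorized.</param>
    /// <returns>
    /// <c>true</c> when a <see cref="DomainSession"/> exists for the request host;
    /// <c>false</c> when the host could not be resolved (fail closed).
    /// </returns>
    /// <exception cref="ArgumentNullException"><paramref name="httpContext"/> is null.</exception>
    protected override bool AuthorizeCore(HttpContextBase httpContext)
    {
        if (httpContext == null)
        {
            throw new ArgumentNullException("httpContext");
        }

        var requestUrl = httpContext.Request.Url;
        var host = requestUrl != null ? requestUrl.Host : null;

        // Session state can be disabled for a request; in that case the tenant is
        // resolved on every call instead of dereferencing a null session.
        var session = httpContext.Session;
        var domainSession = session != null
            ? session[MvcApplication.DomainSessionKey] as DomainSession
            : null;

        // A cached entry is only valid for the host it was resolved for. Without this
        // comparison a session created under one tenant's domain would keep its tenant
        // ids when the same session is presented on a different host.
        if (domainSession != null &&
            !string.Equals(domainSession.DomainName, host, StringComparison.OrdinalIgnoreCase))
        {
            session.Remove(MvcApplication.DomainSessionKey);
            domainSession = null;
        }

        if (domainSession == null)
        {
            domainSession = ResolveDomain(host);
            if (domainSession != null && session != null)
            {
                session[MvcApplication.DomainSessionKey] = domainSession;
            }
        }

        return domainSession != null;
    }

    /// <summary>
    /// Handles failed authorization checks; here that means the request host did not
    /// resolve to a tenant. Delegates to the base implementation; custom logic (for
    /// example a dedicated "unknown domain" result) can be added here.
    /// </summary>
    /// <param name="filterContext">The authorization context of the rejected request.</param>
    protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
    {
        base.HandleUnauthorizedRequest(filterContext);
    }

    /// <summary>
    /// Maps a request host to its tenant record.
    /// </summary>
    /// <param name="host">Host name taken from the request URL; may be null or empty.</param>
    /// <returns>The tenant details, or <c>null</c> when the host is not a known tenant.</returns>
    private static DomainSession ResolveDomain(string host)
    {
        if (string.IsNullOrEmpty(host))
        {
            return null;
        }

        // Placeholder: fetch the tenant from the database (or whatever the persistence
        // store is) using an exact match on the host, and return null when no record
        // exists so that unknown hosts are rejected. The hard-coded ids below accept
        // every host and are for demonstration only.
        return new DomainSession { DomainId = 1, DomainName = host, GroupId = 1, LoginDate = DateTime.Now };
    }
}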
}
using System;
namespace MvcTest.Models
{
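/// <summary>
/// Simple class for storing the domain/group info of the current httpContext.
/// Instances are kept in session state, so the type is marked
/// <see cref="SerializableAttribute"/>; without it, out-of-process session state
/// modes cannot store the object.
/// </summary>
[Serializable]
public class DomainSession
{
    /// <summary>Identifier of the domain record (presumably the tenant's key in the persistence store).</summary>
    public int DomainId { get; set; }

    /// <summary>Host name the session was resolved for.</summary>
    public string DomainName { get; set; }

    /// <summary>Identifier of the group associated with the domain.</summary>
    public int GroupId { get; set; }

    /// <summary>When the session object was created; null if it was never set.</summary>
    public DateTime? LoginDate { get; set; }
}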
}
using System.Web.Mvc;
using System.Web.Routing;
using MvcTest.Infrastructure.Filters;
namespace MvcTest
{
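/// <summary>
/// Application entry point: registers areas, global filters and routes at startup.
/// </summary>
public class MvcApplication : System.Web.HttpApplication
{
    /// <summary>
    /// Name of the session key used to store the DomainSession object.
    /// Read-only so that no code can repoint the key at runtime and make the
    /// filter read or write a different session slot.
    /// </summary>
    public static readonly string DomainSessionKey = "MyApp_DomainSession";

    /// <summary>
    /// Registers the filters that apply to every controller action.
    /// </summary>
    /// <param name="filters">The global filter collection to add to.</param>
    public static void RegisterGlobalFilters(GlobalFilterCollection filters)
    {
        filters.Add(new HandleErrorAttribute());

        // DomainAuthorize only resolves the tenant for the request host; it does not
        // call the base AuthorizeCore, so actions that require a signed-in user still
        // need their own authentication check.
        filters.Add(new DomainAuthorize());
    }

    /// <summary>
    /// Registers the URL routes of the application.
    /// </summary>
    /// <param name="routes">The route collection to add to.</param>
    public static void RegisterRoutes(RouteCollection routes)
    {
        routes.IgnoreRoute("{resource}.axd/{*pathInfo}");

        routes.MapRoute(
            "Default", // Route name
            "{controller}/{action}/{id}", // URL with parameters
            new { controller = "Home", action = "Index", id = UrlParameter.Optional } // Parameter defaults
        );
    }

    /// <summary>
    /// Runs once at application start: areas first, then global filters, then routes.
    /// </summary>
    protected void Application_Start()
    {
        AreaRegistration.RegisterAllAreas();
        RegisterGlobalFilters(GlobalFilters.Filters);
        RegisterRoutes(RouteTable.Routes);
    }
}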
}