Overriding AuthorizeCore from AuthorizeAttribute is not being invoked

Question

For some reason, only the method OnAuthorization is being invoked, but AuthorizeCore not.
this is how I call it:

[AuthorizeWithRoles(Roles = "Affiliate")]
public string TestOnlyAffiliate()
{
     return "ok";
}

this is the actual attribute.

public class AuthorizeWithRolesAttribute : AuthorizeAttribute
{

    public string Roles { get; set; }

    //
    //AuthorizeCore - NOT INVOKING!
    //
    protected override bool AuthorizeCore(HttpContextBase httpContext)
    {
        return true;
    }
    public  void OnAuthorization(AuthorizationContext filterContext)
    {

    }
}

Answer 1

You're not supposed to override OnAuthorization. It deals with potential caching issues and calls AuthorizeCore.

http://aspnetwebstack.codeplex.com/SourceControl/changeset/view/1acb241299a8#src/System.Web.Mvc/AuthorizeAttribute.cs

// In the worst case this could allow an authorized user
// to cause the page to be cached, then an unauthorized user would later be served the
// cached page.

Put your custom logic in AuthorizationCore.