I have an ASP.NET MVC hybrid app which has an ...ApiController... besides the MVC Controllers. I'm using role based authorization attributes within both the MVC Controllers and the ApiController both at the controller level and sometimes on method level. ...