We would like to allow access to a page of our webapp to either a role or a group of users. For example, members of the group Admins should be allowed, in addition to User1 and User2 who are not members of the Admins group. Currently, the AuthorizeAttribute
only looks at either roles or users, but not both.
I've added an issue
. I would be more than willing to take this one and submit a patch.