I'm trying to understand how EPiServer 7 Access Rights works with MVC and normal authorization attributes on actions/controllers. The problem is simple: I have created a page and restricted it to authenticated users (via Edit Mode). Now, I have a partially rendered grid on this page. The grid is updated (e.g. paging, sorting) by calling (via ajax) an action that returns a partial view. This works as intended.But when I open up another browser window and log out from the website, then go back to the first browser window and perform e.g. a sorting operation on the grid, I get redirected to the login page which is now rendered within the target div I set aside for the partial view. I thought I solved this with a custom authorize attribute that handles ajax requests as described here: http://stackoverflow.com/a/8305991. But in my case, in EPiServer 7, I noticed that my custom AuthorizeAjaxAttribute is never invoked. It seems that EPiServer takes care of all that behind the scenes.
Any ideas how to solve this?