AllowAnonymous not working with Custom AuthorizationAttribute

Question

This has had me stumped for a while. None of the commonly encountered similar situations seem to apply here apparently. I\'ve probably missed something obvious but I can\'

Answer 1

In the AuthorizeAttribute there is the following code:

private static bool SkipAuthorization(HttpActionContext actionContext)
{
    Contract.Assert(actionContext != null);

    return actionContext.ActionDescriptor.GetCustomAttributes().Any()
               || actionContext.ControllerContext.ControllerDescriptor.GetCustomAttributes().Any();
}

Include this method in your AuthorizeAttribute class then add the following to the top of your OnAuthorization method to skip authorization if any AllowAnonymous attributes are found:

if (SkipAuthorization(actionContext)) return;