In ASP.NET, the FormsAuthenticationModule intercepts any HTTP 401 and returns an HTTP 302 redirection to the login page. This is a pain for AJAX, since you ask for JSON and
I was able to get around the deny anonymous setting in web.config by setting the following property:
Request.RequestContext.HttpContext.SkipAuthorization = true;
I do this after some checks against the Request object (such as the RawUrl property and other header information) in the Application_BeginRequest method in Global.asax.cs, to make sure the request is accessing an area that I want to allow anonymous access to. I still perform authentication/authorization once the API action is called.
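
The approach described above, written out as an added example (not the poster's code) for Global.asax.cs. The `~/api/` prefix and the helper name `IsAnonymousArea` are assumptions; the check here uses the app-relative path only, rather than RawUrl or request headers, because both of those are fully controlled by the client.

```csharp
using System;
using System.Web;

public class Global : HttpApplication
{
    // Assumption: the only area allowed past <deny users="?"/> is ~/api/,
    // and every action under it authenticates and authorizes the caller itself.
    private static readonly string[] AnonymousPrefixes = { "~/api/" };

    protected void Application_BeginRequest(object sender, EventArgs e)
    {
        // App-relative path of the current request, e.g. "~/api/orders/5".
        // Unlike RawUrl it carries no query string, so a prefix placed in a
        // parameter value cannot satisfy the check.
        string path = Request.AppRelativeCurrentExecutionFilePath;

        if (IsAnonymousArea(path))
        {
            // UrlAuthorizationModule skips its <authorization> rules for this
            // request only. Nothing else is relaxed: the API action must
            // still reject callers it cannot authenticate.
            Request.RequestContext.HttpContext.SkipAuthorization = true;
        }
        // Every other request keeps the web.config deny-anonymous rule.
    }

    // Hypothetical helper: true only for paths under an allowlisted prefix.
    internal static bool IsAnonymousArea(string appRelativePath)
    {
        if (string.IsNullOrEmpty(appRelativePath))
            return false;

        // Fail closed on anything that could make the matched prefix and
        // the resource actually served disagree.
        if (appRelativePath.Contains("..") || appRelativePath.Contains("\\"))
            return false;

        foreach (string prefix in AnonymousPrefixes)
        {
            // Prefix match (not Contains), so "~/admin/api/..." is not allowed.
            if (appRelativePath.StartsWith(prefix, StringComparison.OrdinalIgnoreCase))
                return true;
        }
        return false;
    }
}
```

Because the flag removes the web.config gate for the whole matched area, any action under the prefix that lacks its own authorization check becomes reachable anonymously, so keep the allowlist as narrow as the endpoints that really need it.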