My Web application is a Single Page Application and its server front-end is a mix of ASP.NET MVC and WebAPI routes. All View routes (actually the only one) allows anonymous access. But all ApiController’s are guarded by AuthorizeAttribute. There’s a special ApiController – SecurtyApiController with the following routes: Login and GetCurrentUser methods (all these routers are mapped onto corresponding methods) allow anonymous access.

Published by

Ben Powell

Ben Powell was born in Wales and after living in several European countries is now resident in Germany. He is a frequent blogger, software developer and a social techie.

Feel free to leave constructive comments that aren't spam!