Apply AuthorizeAttribute to a controller class and to action simultaneously

A solution is in this article: Securing your ASP.NET MVC 3 Application

The article talks about a white list approach where you decorate actions with a AllowAnonymous custom attribute. It requires that you extend AuthorizeAttribute and the OnAuthorization method to skip authorization checks of AllowAnonymous -actions. (The approach is credited to Levi, a security expert on the MVC team.)


By default it's impossible - if you set [Authorize] for controller then only authenticated user can access to action.

or

You can try custom decisions: stackoverflow.


You can use [AllowAnonymous]

 [Authorize]
 public class MyController : Controller
 {
     [AllowAnonymous]
     public ActionResult PublicMethod()
     {
           //some code
     }

     public ActionResult PrivateMethod()
     {
           //some code
     }
  }