Published about a year ago
In many of my ASP.NET web applications (mostly MVC or Web APIs) I have a mix of content with endpoints that either require authentication and authorization or that can be accessed anonymously. For example I have mostly public content (such as my own web site) with a protected management (admin) section. Or I have a Web API project with many endpoints protected by authorization but with a few of them publicly available. To ensure you protect your controllers well, you have many different options. In this article I'll show you a short unit test that you can use to ensure your controllers are properly configured when using a mixed authorization scenario.Read on ...