Tags » ASP. NET
The Rule is not idea but simple enough:
System.Web.Http.Authorize for an
ApiController (Web API controller)
System.Web.Mvc.Authorize for a
Controller (MVC controller).
The framework runs the filters as part of the pipeline processing and the controllers find its own filter in the pipeline to be applied, hence the if you don’t use the corresponding filter, authorization will not work. 75 more words