AllowAnonymous Requests

[kijanawoodard]

MVC4 project.
GlobalFilters: filters.Add(new System.Web.Mvc.AuthorizeAttribute());

The vast majority of my pages are secured so this works well.

I have the AllowAnonymous attribute on my Login page and a landing page.

Moth makes it's requests through a controller so the requests are blocked unless the user is logged in.

I'm faced with making "manual" stylesheet requests for unsecured pages or turning off global security and "manually" securing most of my controllers.

Could the Moth resource controllers have the AllowAnonymous attribute applied?

[kijanawoodard]

I'm using the following class to open up Moth. Maybe this is good enough?

public class CustomAuthorizeAttribute : System.Web.Mvc.AuthorizeAttribute
{
    public override void OnAuthorization(AuthorizationContext filterContext)
    {
        if (!(filterContext.Controller is ResourcesController))
            base.OnAuthorization(filterContext);
    }
}