I am trying to understand how [AllowAnonymous] tag works.
I have the following method
[HttpGet]
public ActionResult Add()
{
return View();
}
When I am not logged in, I am able to open this page. I have been under the impression that I can do that only if I put [AllowAnonymous] tag above the method that I should be able to do that. Is there a setting that I need to turn on to make this work?
[AllowAnonymous] attribute is working only when you use [Authorize] attribute on a Controller level. For example, you use [Authorize] attribute on a AccountController. Also you want your users to be allowed for Login method without authentification. In this way you use [AllowAnonymous] attribute on a Login method. In this case your users will be able to login to your site, because [AllowAnonymous] allows it
Does it make sense?