Moving AllowAnonymous attribute to Authorization

samples/MvcSample.Web/FiltersController.cs

@@ -2,6 +2,7 @@
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System;
+using Microsoft.AspNet.Authorization;
 using Microsoft.AspNet.Mvc;
 using Microsoft.AspNet.Mvc.Filters;
 using MvcSample.Web.Filters;

src/Microsoft.AspNet.Mvc.Abstractions/Filters/IAllowAnonymousFilter.cs

@@ -1,9 +1,9 @@
-// Copyright (c) .NET Foundation. All rights reserved.
+// Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 namespace Microsoft.AspNet.Mvc.Filters
 {
-    public interface IAllowAnonymous : IFilterMetadata
+    public interface IAllowAnonymousFilter : IFilterMetadata
     {
     }
 }

src/Microsoft.AspNet.Mvc.Core/AllowAnonymousAttribute.cs

@@ -1,13 +0,0 @@
-// Copyright (c) .NET Foundation. All rights reserved.
-// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
-
-using System;
-using Microsoft.AspNet.Mvc.Filters;
-
-namespace Microsoft.AspNet.Mvc
-{
-    [AttributeUsage(AttributeTargets.Class | AttributeTargets.Method, AllowMultiple = false, Inherited = true)]
-    public class AllowAnonymousAttribute : Attribute, IAllowAnonymous
-    {
-    }
-}

src/Microsoft.AspNet.Mvc.Core/ApplicationModels/AuthorizationApplicationModelProvider.cs

@@ -38,21 +38,31 @@ namespace Microsoft.AspNet.Mvc.ApplicationModels
             {
                 policy = AuthorizationPolicy.Combine(
                     _authorizationOptions,
-                    controllerModel.Attributes.OfType<AuthorizeAttribute>());
+                    controllerModel.Attributes.OfType<IAuthorizeData>());
                 if (policy != null)
                 {
                     controllerModel.Filters.Add(new AuthorizeFilter(policy));
                 }
 
+                foreach (var attribute in controllerModel.Attributes.OfType<IAllowAnonymous>())
+                {
+                    controllerModel.Filters.Add(new AllowAnonymousFilter());
+                }
+
                 foreach (var actionModel in controllerModel.Actions)
                 {
                     policy = AuthorizationPolicy.Combine(
                         _authorizationOptions,
-                        actionModel.Attributes.OfType<AuthorizeAttribute>());
+                        actionModel.Attributes.OfType<IAuthorizeData>());
                     if (policy != null)
                     {
                         actionModel.Filters.Add(new AuthorizeFilter(policy));
                     }
+
+                    foreach (var attribute in actionModel.Attributes.OfType<IAllowAnonymous>())
+                    {
+                        actionModel.Filters.Add(new AllowAnonymousFilter());
+                    }
                 }
             }
         }

src/Microsoft.AspNet.Mvc.Core/Filters/AllowAnonymousFilter.cs

@@ -0,0 +1,13 @@
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+namespace Microsoft.AspNet.Mvc.Filters
+{
+    /// <summary>
+    /// An implementation of <see cref="IAllowAnonymousFilter"/>
+    /// </summary>
+    public class AllowAnonymousFilter : IAllowAnonymousFilter
+    {
+
+    }
+}

src/Microsoft.AspNet.Mvc.Core/Filters/AuthorizationFilterAttribute.cs

@@ -4,6 +4,7 @@
 using System;
 using System.Linq;
 using System.Threading.Tasks;
+using Microsoft.AspNet.Authorization;
 using Microsoft.AspNet.Mvc.Internal;
 
 namespace Microsoft.AspNet.Mvc.Filters
@@ -36,7 +37,7 @@ namespace Microsoft.AspNet.Mvc.Filters
                 throw new ArgumentNullException(nameof(context));
             }
 
-            return context.Filters.Any(item => item is IAllowAnonymous);
+            return context.Filters.Any(item => item is IAllowAnonymousFilter);
         }
 
         protected virtual void Fail(AuthorizationContext context)

src/Microsoft.AspNet.Mvc.Core/Filters/AuthorizeFilter.cs

@@ -64,7 +64,7 @@ namespace Microsoft.AspNet.Mvc.Filters
             }
 
             // Allow Anonymous skips all authorization
-            if (context.Filters.Any(item => item is IAllowAnonymous))
+            if (context.Filters.Any(item => item is IAllowAnonymousFilter))
             {
                 return;
             }

test/Microsoft.AspNet.Mvc.Core.Test/ApplicationModel/AuthorizationApplicationModelProviderTest.cs

@@ -56,6 +56,26 @@ namespace Microsoft.AspNet.Mvc.ApplicationModels
             Assert.Equal(3, authorizeFilters.First().Policy.Requirements.Count);
         }
 
+        [Fact]
+        public void CreateControllerModelAndActionModel_AllowAnonymousAttributeAddsAllowAnonymousFilter()
+        {
+            // Arrange
+            var provider = new AuthorizationApplicationModelProvider(new TestOptionsManager<AuthorizationOptions>());
+            var defaultProvider = new DefaultApplicationModelProvider(new TestOptionsManager<MvcOptions>());
+
+            var context = new ApplicationModelProviderContext(new[] { typeof(AnonymousController).GetTypeInfo() });
+            defaultProvider.OnProvidersExecuting(context);
+
+            // Act
+            provider.OnProvidersExecuting(context);
+
+            // Assert
+            var controller = Assert.Single(context.Result.Controllers);
+            Assert.Single(controller.Filters, f => f is AllowAnonymousFilter);
+            var action = Assert.Single(controller.Actions);
+            Assert.Single(action.Filters, f => f is AllowAnonymousFilter);
+        }
+
         private class BaseController
         {
             [Authorize(Policy = "Base")]
@@ -76,5 +96,14 @@ namespace Microsoft.AspNet.Mvc.ApplicationModels
         public class AccountController
         {
         }
+
+        [AllowAnonymous]
+        public class AnonymousController
+        {
+            [AllowAnonymous]
+            public void SomeAction()
+            {
+            }
+        }
     }
 }

test/Microsoft.AspNet.Mvc.Core.Test/Filters/AuthorizeFilterTest.cs

@@ -64,7 +64,7 @@ namespace Microsoft.AspNet.Mvc.Filters
             var authorizationContext = GetAuthorizationContext(services => services.AddAuthorization(),
                 anonymous: true);
 
-            authorizationContext.Filters.Add(new AllowAnonymousAttribute());
+            authorizationContext.Filters.Add(new AllowAnonymousFilter());
 
             // Act
             await authorizeFilter.OnAuthorizationAsync(authorizationContext);

test/WebSites/AntiforgeryTokenWebSite/Controllers/AccountController.cs

@@ -1,6 +1,7 @@
 // Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
+using Microsoft.AspNet.Authorization;
 using Microsoft.AspNet.Mvc;
 
 namespace AntiforgeryTokenWebSite

test/WebSites/FiltersWebSite/Controllers/RandomNumberController.cs

@@ -2,6 +2,7 @@
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System;
+using Microsoft.AspNet.Authorization;
 using Microsoft.AspNet.Mvc;
 
 namespace FiltersWebSite