The AllowAnonymous attribute was introduced in ASP.NET MVC 4. It marks the controller actions that anonymous (unauthenticated) users may access. The usual pattern is to register a global authorization filter for the application and allow anonymous access only to the login/registration pages. Previously, the Authorize filter had to be applied to every controller in the application.
The following example shows a typical use of the AllowAnonymous attribute:
    [AllowAnonymous]
    public ActionResult Login(string returnUrl)
    {
        ViewBag.ReturnUrl = returnUrl;
        return View();
    }
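To add a global authorization filter, add the following to the Application_Start method in the global.asax file. MVC controllers take their global filters from GlobalFilters.Filters; GlobalConfiguration.Configuration.Filters is the separate Web API collection and only covers Web API controllers:
    GlobalFilters.Filters.Add(new System.Web.Mvc.AuthorizeAttribute());                      // MVC controllers
    GlobalConfiguration.Configuration.Filters.Add(new System.Web.Http.AuthorizeAttribute()); // Web API controllers, if any
The code above requires authentication for every action in the website. So that the login and registration pages remain accessible to anonymous users, their actions are decorated with the AllowAnonymous attribute, as below: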
    [AllowAnonymous]
    public ActionResult Login(string returnUrl)

    [HttpPost]
    [AllowAnonymous]
    [ValidateAntiForgeryToken]
    public ActionResult Login(LoginModel model, string returnUrl)

    [AllowAnonymous]
    public ActionResult Register()

    [HttpPost]
    [AllowAnonymous]
    [ValidateAntiForgeryToken]
    public ActionResult Register(RegisterModel model)
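With a global filter in place, every [AllowAnonymous] is a deliberate hole in it, so it is worth checking that login and registration really are the only exemptions. The following is an added example, not code from the original article: the AnonymousActionAudit class is hypothetical, and the MvcApplication and AccountController names in the usage comment are assumed.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Reflection;
using System.Web.Mvc;

// Hypothetical helper (not part of ASP.NET MVC): lists every MVC action that
// opts out of the global Authorize filter through [AllowAnonymous].
public static class AnonymousActionAudit
{
    public static IList<string> FindAnonymousActions(Assembly assembly)
    {
        var found = new SortedSet<string>();
        foreach (var controller in assembly.GetTypes()
            .Where(t => !t.IsAbstract && typeof(Controller).IsAssignableFrom(t)))
        {
            // [AllowAnonymous] on the class exempts every action in it.
            bool wholeController = controller.IsDefined(typeof(AllowAnonymousAttribute), true);

            // Any public instance method not inherited from Controller can be an action.
            var actions = controller.GetMethods(BindingFlags.Public | BindingFlags.Instance)
                .Where(m => !m.IsSpecialName
                    && !m.GetBaseDefinition().DeclaringType.IsAssignableFrom(typeof(Controller))
                    && !m.IsDefined(typeof(NonActionAttribute), true));

            foreach (var action in actions)
                if (wholeController || action.IsDefined(typeof(AllowAnonymousAttribute), true))
                    found.Add(controller.Name + "." + action.Name); // overloads collapse to one entry
        }
        return found.ToList();
    }

    // Throws if any action outside the expected list is anonymous.
    // Assumed usage in Application_Start (names are assumptions):
    //   AnonymousActionAudit.AssertOnly(typeof(MvcApplication).Assembly,
    //       "AccountController.Login", "AccountController.Register");
    public static void AssertOnly(Assembly assembly, params string[] expected)
    {
        var unexpected = FindAnonymousActions(assembly).Except(expected).ToList();
        if (unexpected.Count > 0)
            throw new InvalidOperationException(
                "Unexpected [AllowAnonymous] actions: " + string.Join(", ", unexpected));
    }
}
```

The same check can run from a unit test instead of Application_Start, so that a newly added [AllowAnonymous] fails the build rather than the site start-up.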