Filters/DiscardAttribute -> Why not use the AllowAnnontmous attribute ?

[MrMitch]

The AllowAnonymous attribute basically works the same as your DiscardAttribute filter, so why not use it instead ?

[AllowAnonymous]
public ActionResult Login(string returnUrl)

[Aethelflaed]

I thought about it, but then I read the manual :

Specifies that actions and controllers are skipped by AuthorizeAttribute during authorization.

So that wasn't a way to discard access to specific users.

Moreover, the DiscardAttribute simply negates the AuthorizeAttribute value, so you can imagine something like:

[Discard(Users="David,Mitch")]

That code (although not tested) should grant access to everybody except the specified ones, which is sometimes more interesting than specifying all authorized users =)