Stephen Brannan - 484 - Feb 18, 2014

Is there a way to disable GET requests for credentials auth?

You could use a Global Filter, or even dynamically adding a FilterAttribute to the Authenticate service should work, e.g:

typeof(Authenticate)
    .AddAttributes(new RestrictAttribute(RequestAttributes.HttpPost));

Note: this will break the OAuth Authentication providers require GET’s for their callbacks.

Stephen Brannan:

Thanks for the note. I didn’t realize it would break OAuth providers which require GET. My reason for disabling GET for auth was under SSL the url (GET) is not secured.