Is there a way to disable GET requests for credentials auth?
You could use a Global Filter, or even dynamically adding a FilterAttribute to the Authenticate service should work, e.g:
Note: this will break the OAuth Authentication providers require GET’s for their callbacks.
Thanks for the note. I didn’t realize it would break OAuth providers which require GET. My reason for disabling GET for auth was under SSL the url (GET) is not secured.