Is there a way to disable GET requests for credentials auth?
You could use a Global Filter, or even dynamically adding a FilterAttribute to the Authenticate service should work, e.g:
typeof(Authenticate)
.AddAttributes(new RestrictAttribute(RequestAttributes.HttpPost));
Note: this will break the OAuth Authentication providers require GET’s for their callbacks.
Stephen Brannan:
Thanks for the note. I didn’t realize it would break OAuth providers which require GET. My reason for disabling GET for auth was under SSL the url (GET) is not secured.