...
In the current implementation we use an attribute to inject authentication into the controller pipeline. ASP.NET Core suggests we use middle ware and inject further up the pipeline, and thus we can implement the usage of the Authorize attribute for controllers that require authentication and/or authorization and the Allow Anonymous attribute where authentication is not required. Authorization though remains the same, and is addressed with the NHibernate process as before.
...