I've got a couple ASP.Net MVC and WebAPI projects. Most of them are up to date (MVC 5 / WebAPI 2). I've been double-checking my security assumptions since I'm implementing a global filter (for MVC) and a delegating handler (for WebAPI) to unify security across the system.I've got a couple ASP.Net MVC and WebAPI projec