ASP.NET Web API 2 comes with five filter interfaces:
IActionFilterIAuthenticationFilterIAuthorizationFilterIExceptionFilterIOverrideFilter
All of those interfaces have built-in implementations (e.g. ActionFilterAttribute, AuthorizationFilterAttribute), except for IAuthenticationFilter. Is there a reason for that or have Web API devs simply forgot to provide an implementation for that particular interface?
UPDATE
After reading Yishai Galatzer's answer I ended up implementing the "missing" attribute and uploaded it to Nuget.org: https://www.nuget.org/packages/WebApi.AuthenticationFilter
AuthenticationFilterAttributebecause you can fulfill the use-case by using theAuthorizationFilterAttribute(assuming the use-case is you only "authorize" people who have authenticated)IAuthenticationFilterinterface was introduced in v2 so you don't have to use an authorization filter to perform both authentication and authorization, which is indeed a good thing. What I don't quite understand is why they haven't provided an implementation for that new interface so that I can subclass it and implement my custom authentication the same way as I do for custom authorization.IAuthenticationFiltermyself and it will work just fine. But for me it would be more consistent to subclass aFilterAttributeclass as it's usually done with all other filters.