I am using OpenRasta for building my REST API and want to enable the Authentication for selected number of methods in Handler. So i have put RequiresAuthentication attribute for those methods.
I have a authentication scheme defined for it. So when i specify Authorization Header in HTTP Request it should check for authentication. In ideal scenario, it should not check for authentication for the methods which don't have RequiresAuthentication attribute specified. But instead of that it checks for authentication as i have specified Authorization Header for the request.
Is it a acceptable behavior or it should check if the attribute is assigned to the method and check for authentication even if the Authorization Header is specified ?
If OpenRasta checks for Authorization Header what is the use of RequiresAuthentication attribute ?