ASP0026 is misleading and needs further clarity

### Description

The warning makes it sound like the AllowAnonymous disables authorization all together. But it does not. If a method has both [AllowAnonymous] and [Authorize()] attributes applied, and the client sends credentials to the endpoint, the endpoint will authenticate the credentials and log the user in. Only if there are no credentials will it run as anonymous.

### Page URL

https://learn.microsoft.com/en-us/aspnet/core/diagnostics/asp0026?view=aspnetcore-9.0

### Content source URL

https://github.com/dotnet/AspNetCore.Docs/blob/main/aspnetcore/diagnostics/asp0026.md

### Document ID

d2c79b3f-f7d7-d5db-c488-57feda9e17a6

### Platform Id

2ca4a99f-2dd5-1fbd-4be8-4e55e6c51203

### Article author

@tdykstra

### Metadata

* ID: d2c79b3f-f7d7-d5db-c488-57feda9e17a6
* PlatformId: 2ca4a99f-2dd5-1fbd-4be8-4e55e6c51203 
* Service: **aspnet-core**

[Related Issues](https://github.com/dotnet/AspNetCore.Docs/issues?q=is%3Aissue+is%3Aopen+d2c79b3f-f7d7-d5db-c488-57feda9e17a6)

---
[Associated WorkItem - 506179](https://dev.azure.com/msft-skilling/Content/_workitems/edit/506179)

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

ASP0026 is misleading and needs further clarity #35643

Description

Page URL

Content source URL

Document ID

Platform Id

Article author

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

ASP0026 is misleading and needs further clarity #35643

Description

Description

Page URL

Content source URL

Document ID

Platform Id

Article author

Metadata

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions