In my base controllers I actually put some utility method ([NonAction]) collected over time. I prefer to add functionalities to Controllers by decorating with Attributes if possible.

Lately my base controller has:

• some Properties for retrieving information about the current user (my app
  specific informations, not the User.Identity stuffs)
• A simple protected override void OnException(ExceptionContext
filterContext); override for at least logging unhandled exception and have
  some sort of automatic notifications
• A bunch of Cookies related methods (WebForms auth cookies management
  for example)
• A bunch of usefull standard attributes (usually [Authorize], [HandleError], [OutputCache]) in its declaration.
• some standard method for preparing widely used json data types on the fly (when possible I prefer to have a standard json object with ErrorCode, ErrorMessage and a UserData).

With time you’ll find more and more utilities to keep with your controllers, try to keep an assembly with the simpler ones (avoiding heavy dependencies), will come handy with your next MVC projects. (the same goes for Helpers and to some degree also for EditorTemplates).

For the Authorize Attribute part, well, I think the cleanest way is to write your own AuthorizeAttribute class, specifically a NonAuthorizeAttribute. I think I’ve also seen it somewhere on SO.

You can also play with the Order Property of the default AuthorizeAttribute – put different Order in BaseController and in Action, in order to have Action’s one executed first, but I cannot recall if you can actually break the Attributes processing chain.

Regards,

M.