diff --git a/src/Umbraco.Web.BackOffice/Controllers/ContentController.cs b/src/Umbraco.Web.BackOffice/Controllers/ContentController.cs
index 157df177e9..1335ee049d 100644
--- a/src/Umbraco.Web.BackOffice/Controllers/ContentController.cs
+++ b/src/Umbraco.Web.BackOffice/Controllers/ContentController.cs
@@ -130,7 +130,7 @@ namespace Umbraco.Web.Editors
///
///
[HttpGet]
- [UmbracoAuthorize]
+ [UmbracoAuthorize, OverrideAuthorization]
public bool AllowsCultureVariation()
{
var contentTypes = _contentTypeService.GetAll();
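Review bot: The bare `OverrideAuthorization` added to `AllowsCultureVariation` looks like a no-op as written. The attribute defaults `FiltersToOverride` to `typeof(IAuthorizationFilter)`, and the provider in OverrideAuthorizationFilterProvider.cs matches with `filterItem.Descriptor.Filter.GetType() == ...FiltersToOverride`; `GetType()` never returns an interface type, so nothing is removed. The same mismatch sits in the attribute constructor and in the provider's `RemoveAll` predicate. Naming the concrete filter here, e.g. `[UmbracoAuthorize, OverrideAuthorization(typeof(<ControllerLevelFilterType>))]`, is the narrower fix, because loosening the provider to an assignability test would drop every lower-scope authorization filter on this action. A comment such as `// Lifts the controller-level <check> so any authenticated back-office user can call this` would record why the relaxation is safe. The method body continues outside the hunk.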
diff --git a/src/Umbraco.Web.BackOffice/Extensions/UmbracoBackOfficeServiceCollectionExtensions.cs b/src/Umbraco.Web.BackOffice/Extensions/UmbracoBackOfficeServiceCollectionExtensions.cs
index acd468191a..2c7db69b84 100644
--- a/src/Umbraco.Web.BackOffice/Extensions/UmbracoBackOfficeServiceCollectionExtensions.cs
+++ b/src/Umbraco.Web.BackOffice/Extensions/UmbracoBackOfficeServiceCollectionExtensions.cs
@@ -1,4 +1,5 @@
using Microsoft.AspNetCore.Identity;
+using Microsoft.AspNetCore.Mvc.Filters;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.DependencyInjection.Extensions;
using Umbraco.Core;
@@ -7,6 +8,7 @@ using Umbraco.Core.Configuration;
using Umbraco.Core.Security;
using Umbraco.Core.Serialization;
using Umbraco.Net;
+using Umbraco.Web.BackOffice.Filters;
using Umbraco.Web.BackOffice.Security;
using Umbraco.Web.Common.AspNetCore;
using Umbraco.Web.Common.Security;
@@ -26,6 +28,7 @@ namespace Umbraco.Extensions
// TODO: We had this check in v8 where we don't enable these unless we can run...
//if (runtimeState.Level != RuntimeLevel.Upgrade && runtimeState.Level != RuntimeLevel.Run) return app;
+ services.AddSingleton();
services
.AddAuthentication(Constants.Security.BackOfficeAuthenticationType)
.AddCookie(Constants.Security.BackOfficeAuthenticationType);
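Review bot: This registration is not scoped to the back office, and a plain `AddSingleton` adds a second copy of the provider if the extension method is ever called twice. The type arguments are not visible in this rendering; assuming the line registers OverrideAuthorizationFilterProvider as an `IFilterProvider`, it will run for every MVC action in the host. `services.TryAddEnumerable(ServiceDescriptor.Singleton<IFilterProvider, OverrideAuthorizationFilterProvider>());` would make it idempotent. A comment like `// Filter provider that can remove lower-scope authorization filters where [OverrideAuthorization] is applied` would flag the security relevance at the point of registration. The enclosing method starts and ends outside the hunk.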
diff --git a/src/Umbraco.Web.BackOffice/Filters/OverrideAuthorizationAttribute.cs b/src/Umbraco.Web.BackOffice/Filters/OverrideAuthorizationAttribute.cs
new file mode 100644
index 0000000000..ed05d831f4
--- /dev/null
+++ b/src/Umbraco.Web.BackOffice/Filters/OverrideAuthorizationAttribute.cs
@@ -0,0 +1,24 @@
+using System;
+using Microsoft.AspNetCore.Mvc.Filters;
+
+namespace Umbraco.Web.BackOffice.Filters
+{
+ public class OverrideAuthorizationAttribute : ActionFilterAttribute
+ {
+ ///
+ /// Ensures a special type of authorization filter is ignored. Defaults to .
+ ///
+ /// The type of authorication filter to override. if null then is used.
+ ///
+ /// https://stackoverflow.com/questions/33558095/overrideauthorizationattribute-in-asp-net-5
+ ///
+ public OverrideAuthorizationAttribute(Type filtersToOverride = null)
+ {
+ FiltersToOverride = filtersToOverride ?? typeof(IAuthorizationFilter);
+ }
+
+ public Type FiltersToOverride { get;}
+
+
+ }
+}
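Review bot: `OverrideAuthorizationAttribute` derives from `ActionFilterAttribute` but overrides none of its callbacks and is only read as a marker by the filter provider, so a plain marker type would state the intent better: `[AttributeUsage(AttributeTargets.Class | AttributeTargets.Method)]` on `public sealed class OverrideAuthorizationAttribute : Attribute, IFilterMetadata`. The constructor accepts any `Type`; a guard such as `if (!typeof(IFilterMetadata).IsAssignableFrom(FiltersToOverride)) throw new ArgumentException(..., nameof(filtersToOverride));` would turn a mistyped argument into a startup error instead of a silent no-op. Since this attribute weakens authorization on whatever it decorates, the summary should say so explicitly: filters of the given type declared at a lower scope (controller or global) are removed for the decorated action. The "authorication" typo in the param text should be fixed at the same time.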
diff --git a/src/Umbraco.Web.BackOffice/Filters/OverrideAuthorizationFilterProvider.cs b/src/Umbraco.Web.BackOffice/Filters/OverrideAuthorizationFilterProvider.cs
new file mode 100644
index 0000000000..6dbf6d747a
--- /dev/null
+++ b/src/Umbraco.Web.BackOffice/Filters/OverrideAuthorizationFilterProvider.cs
@@ -0,0 +1,34 @@
+using System.Linq;
+using Microsoft.AspNetCore.Mvc.Filters;
+using Umbraco.Core;
+
+namespace Umbraco.Web.BackOffice.Filters
+{
+ public class OverrideAuthorizationFilterProvider : IFilterProvider, IFilterMetadata
+ {
+ public void OnProvidersExecuted(FilterProviderContext context)
+ {
+
+ }
+
+ public void OnProvidersExecuting(FilterProviderContext context)
+ {
+ if (context.ActionContext.ActionDescriptor.FilterDescriptors != null)
+ {
+ //Does the action have any UmbracoAuthorizeFilter?
+ var overrideFilters = context.Results.Where(filterItem => filterItem.Filter is OverrideAuthorizationAttribute).ToArray();
+ foreach (var overrideFilter in overrideFilters)
+ {
+ context.Results.RemoveAll(filterItem =>
+ //Remove any filter for the type indicated in the UmbracoAuthorizeFilter attribute
+ filterItem.Descriptor.Filter.GetType() == ((OverrideAuthorizationAttribute)overrideFilter.Filter).FiltersToOverride &&
+ //Remove filters with lower scope (ie controller) than the override filter (ie action method)
+ filterItem.Descriptor.Scope < overrideFilter.Descriptor.Scope);
+ }
+ }
+ }
+
+ //all framework providers have negative orders, so ours will come later
+ public int Order => 1;
+ }
+}
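Review bot: The two comments inside `OnProvidersExecuting` refer to UmbracoAuthorizeFilter, but the code selects `OverrideAuthorizationAttribute` items and removes whatever type that attribute names, so they misdescribe which filters are stripped. Suggested wording: `// Does the action carry any OverrideAuthorizationAttribute?` and `// Remove filters of the type named by the override attribute`. The outer null check on `ActionDescriptor.FilterDescriptors` guards a collection the loop never reads, since all the work is done on `context.Results`; it can be dropped or replaced by a check on `context.Results`. Because this provider removes authorization filters from the pipeline, a debug-level log entry with the removed filter type and the action's display name would make the effect visible in review and incident triage. The class also implements `IFilterMetadata` without any visible use; if nothing relies on that, `IFilterProvider` alone is enough.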
diff --git a/src/Umbraco.Web.BackOffice/Filters/UmbracoAuthorizeFilter.cs b/src/Umbraco.Web.BackOffice/Filters/UmbracoAuthorizeFilter.cs
index 16d4b7ba33..e166a0e7e7 100644
--- a/src/Umbraco.Web.BackOffice/Filters/UmbracoAuthorizeFilter.cs
+++ b/src/Umbraco.Web.BackOffice/Filters/UmbracoAuthorizeFilter.cs
@@ -1,5 +1,4 @@
-using Microsoft.AspNetCore.Hosting;
-using Microsoft.AspNetCore.Mvc;
+using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.Mvc.Filters;
using Microsoft.AspNetCore.Routing;
using System;
@@ -46,6 +45,7 @@ namespace Umbraco.Web.BackOffice.Filters
///
/// Default constructor
///
+ ///
///
///
///
diff --git a/src/Umbraco.Web/Umbraco.Web.csproj b/src/Umbraco.Web/Umbraco.Web.csproj
index 95de02a38a..3f52c71366 100755
--- a/src/Umbraco.Web/Umbraco.Web.csproj
+++ b/src/Umbraco.Web/Umbraco.Web.csproj
@@ -159,6 +159,8 @@
+
+
@@ -314,9 +316,7 @@
-
-