Revert "Revert "Ensures that all back office controllers are authenticated under the back office scheme""

Signed-off-by: Bjarke Berg <mail@bergmania.dk>

src/Umbraco.Web.BackOffice/Controllers/AuthenticationController.cs

@@ -45,7 +45,7 @@ namespace Umbraco.Web.BackOffice.Controllers
     [PluginController(Constants.Web.Mvc.BackOfficeApiArea)]  // TODO: Maybe this could be applied with our Application Model conventions
     //[ValidationFilter] // TODO: I don't actually think this is required with our custom Application Model conventions applied
     [AngularJsonOnlyConfiguration] // TODO: This could be applied with our Application Model conventions
-    [IsBackOffice] // TODO: This could be applied with our Application Model conventions
+    [IsBackOffice]
     public class AuthenticationController : UmbracoApiControllerBase
     {
         private readonly IBackOfficeSecurityAccessor _backofficeSecurityAccessor;

src/Umbraco.Web.BackOffice/Controllers/BackOfficeController.cs

@@ -41,6 +41,7 @@ namespace Umbraco.Web.BackOffice.Controllers
     [DisableBrowserCache]
     //[UmbracoRequireHttps] //TODO Reintroduce
     [PluginController(Constants.Web.Mvc.BackOfficeArea)]
+    [IsBackOffice]
     public class BackOfficeController : UmbracoController
     {
         private readonly IBackOfficeUserManager _userManager;

src/Umbraco.Web.BackOffice/Controllers/PublishedSnapshotCacheStatusController.cs

@@ -8,8 +8,7 @@ using Umbraco.Web.PublishedCache;
 
 namespace Umbraco.Web.BackOffice.Controllers
 {
-    [PluginController(Constants.Web.Mvc.BackOfficeApiArea)]
-    [IsBackOffice]
+    [PluginController(Constants.Web.Mvc.BackOfficeApiArea)]    
     public class PublishedSnapshotCacheStatusController : UmbracoAuthorizedApiController
     {
         private readonly IPublishedSnapshotService _publishedSnapshotService;