My work around for the problem, for anybody facing the same issue, was to apply the [AbpMvcAuthorize] attribute to manually to all controllers (except those I want to completely whitelist), and then the [AbpAllowAnonymous] attribute to actions I want to whitelist for public access. No applying global filters (AbpMvcAuthoizeFilter is already applied by AbpWebMvcModule), nor applying [Authorize] or [AbpMvcAuthorize] to the base controller class. They all resulted in infinite loops or inaccessible whitelisted methods.
Thank you. At least I know its in in the pipeline for fixing. I should have also mentioned that the AbpScriptsManager does not have the AllowAnonymous attribute applied in any form, so its GetScripts action is never accessible if a global Authorize filter is applied. Same for the WebApi GetAll scripts action.
