The RequireAuthenticatedUser() method sets the HTTP status to 401 (Unauthorized) if the current user is not authenticated.
Any access to the WebSecurity object throws an InvalidOperationException if:
RequireAuthenticatedUser() only validates if the current user is authenticated. If the current user is not authenticated, the HTTP status is set to 401 (Unauthorized).
To validate if the current user is a specific user (by ID or by name), use the RequireUser() method. To validate that a user is a member of a role (roles), use the RequireRoles() method.