AllowAnonymous not working when implementing Mvc.Mailer

Question

I have an older ASP.NET MVC 4 project (originally ASP.NET MVC 3), and I wanted to add an automatic reminding function to. My idea was to use the existing Mvc.Mailer function which is already installed. I wrote a function that compiles and sends the mails and it works.

When running the project on my workstation in debug mode I can use Curl to call the action which then runs the function, perfect! The plan was I would use task scheduler to call this specific url regularly and it would send reminder emails to people, if they had anything to be reminded of.

However, when I publish the project to the server and call the action via Curl, the function does not work, I am redirected to the login page. I have spent a week looking into [Authorize] and [AllowAnonymous] which I have implemented on all my controllers and looking at web.config if I have something there overriding the normal authorize function.

Here's some of the code.

First the action Emailreminders which I have in its own controller, regardless of outcome it just returns 200 for now:

[Authorize]
public class MailController : Controller
{
    private IUserMailer _userMailer = new UserMailer();        

    public IUserMailer UserMailer
    {
        get { return _userMailer; }
        set { _userMailer = value; }
    }

    // This action is called with a curl command on a timer to create reminders
    [AllowAnonymous]
    public ActionResult Emailreminders() 
    {
        UserMailer.Reminders(); //Create reminder mails

        return new HttpStatusCodeResult(200);
    }
}

The function Reminders() is accessed via an interface. I have made the method a void since it should not return anything.

public interface IUserMailer
{
    MailMessage Welcome();

    // *snip*
      
    [AllowAnonymous]
    void Reminders();
}

The method itself is located in this class I have cut down to relevant code

[Authorize]
public class UserMailer : MailerBase, IUserMailer
{
    public UserMailer() : base()
    {
        MasterName = "_Layout";
    }

    [AllowAnonymous]
    public virtual void Reminders()
    {
        var today = DateTime.Today;
        var PastLimit = DateTime.Today.AddDays(-365); 

        using (var db = new DBContext())
        {
            var tableName = from s in db.tableName
                            where s.FollowUpDate > PastLimit && s.FollowUpDate < today && s.IsFollowedUp == false //Only go back a year
                            select s;

            var Users = from u in db.Users
                        select u;
            
            foreach (var item in Users) //Create list for each user
            {
                IEnumerable<tableModel> dev = tableName.Where(s => s.UserID == item.UserID);

                ViewBag.TableList = dev;
                ViewBag.UserName = item.Name;
                ViewBag.UserMail = item.Email;
                
                if (!dev.IsEmpty())
                {
                    var mailMessage = new MailMessage { Subject = "subject name here" };
                    mailMessage.From = new MailAddress("from@email.com", "From name");
                    mailMessage.SubjectEncoding = Encoding.UTF8;
                    mailMessage.BodyEncoding = Encoding.UTF8;
                    mailMessage.To.Add("dennis@domain.com");

                    PopulateBody(mailMessage, viewName: "ReminderView");

                    mailMessage.Send();
                }
            }
        }
    }
}

Since the problem only occurs on the production server I have been forced to comment out pieces of code to see what triggers the login page from appearing. I finally narrowed it down to the final line in the Reminders() method, that is mailMessage.Send(); is calling this and actually sending the mail causes AllowAnonymous to be overwritten.

Does anyone know why? Could it simply be that my production server is running a different version of the .NET framework? The production server is very old, Windows Server 2012 running IIS8.

I have tried to look through web.config and the authorization implementations in case things where interfering. I have no code in web.config pertaining to authorization except this piece:

<add key="loginUrl" value="~/Account/LogOn" />

Except later I also tried adding, without success

<location path="YourController/AnonymousMethod">
    <system.web>
        <authorization>
            <allow users="*"/>
        </authorization>
    </system.web>
</location>

I have tried to follow the principles on authorization found here: https://weblogs.asp.net/jongalloway/asp-net-mvc-authentication-global-authentication-and-allow-anonymous

I have commented out lines of code until I found the line that triggered the login page appearing. Which I mentioned earlier.