diff --git a/cake/libs/controller/components/auth.php b/cake/libs/controller/components/auth.php
index 15991d4ebde..a76c877add3 100644
--- a/cake/libs/controller/components/auth.php
+++ b/cake/libs/controller/components/auth.php
@@ -264,6 +264,7 @@ function initialize(&$controller) {
 function startup(&$controller) {
 $methods = array_flip($controller->methods);
 $controllerAction = strtolower($controller->params['action']);
+ $lowerAllowedActions = array_map('strtolower', $this->allowedActions);
 $isErrorOrTests = (
 strtolower($controller->name) == 'cakeerror' ||
@@ -297,7 +298,7 @@ function startup(&$controller) {
 $isAllowed = (
 $this->allowedActions == array('*') ||
- isset($methods[$controllerAction])
+ in_array($controllerAction, $lowerAllowedActions)
 );
 if ($loginAction != $url && $isAllowed) {
diff --git a/cake/tests/cases/libs/controller/components/auth.test.php b/cake/tests/cases/libs/controller/components/auth.test.php
index b8cbf0b1380..481b2dd5ffe 100644
--- a/cake/tests/cases/libs/controller/components/auth.test.php
+++ b/cake/tests/cases/libs/controller/components/auth.test.php
@@ -753,6 +753,10 @@ function testAllowedActionsWithCamelCaseMethods() {
 $this->Controller->Auth->allowedActions = array('delete', 'camelCase', 'add');
 $result = $this->Controller->Auth->startup($this->Controller);
 $this->assertTrue($result, 'startup() should return true, as action is allowed. %s');
+
+ $this->Controller->Auth->allowedActions = array('delete', 'add');
+ $result = $this->Controller->Auth->startup($this->Controller);
+ $this->assertFalse($result, 'startup() should return false, as action is not allowed. %s');
 }
 /**
 * testLoginRedirect method
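Review bot: In the auth.php hunk at `@@ -297,7 +298,7 @@`, the new membership test `in_array($controllerAction, $lowerAllowedActions)` relies on PHP's loose comparison, which is best avoided in an authorization decision. Both operands are strings here (the request action and every list entry pass through `strtolower`), and loose `==` still treats numeric-looking strings such as `'1e1'` and `'10'` as equal, so the strict flag costs nothing: `in_array($controllerAction, $lowerAllowedActions, true)`. The wildcard test on the line above, `$this->allowedActions == array('*')`, is also a loose array comparison and could be `===`, provided callers always assign a plain list. A short comment at the `array_map('strtolower', ...)` line in the first hunk would help too, for example `// allow-list is lower-cased to match the lower-cased request action`. startup() begins and ends outside both hunks.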
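Review bot: The negative case added to testAllowedActionsWithCamelCaseMethods (auth.test.php, `@@ -753,6 +753,10 @@`) covers a list that omits the requested action, but not an empty list, which is the default-deny state that the removed `isset($methods[$controllerAction])` check appears not to have honoured. One more pair would pin it: `$this->Controller->Auth->allowedActions = array();` followed by the same `startup()` call and `assertFalse`. The request set-up for this test sits above the hunk, so this assumes the action under test is still the camelCase one.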