We welcome user feedback and feature requests!

API Apps with AllowAnonymous

Have a mix of authentication levels for different endpoints in the underlying Web API?

API App to have access level of 'Public (authenticated)' but one of the endpoints needs to be accessible as an anonymous user. Previously I would have just applied the AllowAnonymous attribute on the method, but the gateway still intercepts and returns an unauthenticated response.

Would be great to mark a specific method as allowing anonymous and the default behaviour to respect the gateway authentication level.

27 votes
Vote
Sign in
(thinking…)
Sign in with: Microsoft
Signed in as (Sign out)
You have left! (?) (thinking…)
Damien Pontifex shared this idea  ·   ·  Flag idea as inappropriate…  ·  Admin →

Thank you for your feedback!

Right now the workaround is to set your authentication/authorization option to enabled, but set the action for unauthenticated requests to “allow.” Then manually redirect unauthenticated requests to the secured endpoints to the authorization flow at /.auth/login/done.
https://docs.microsoft.com/en-us/azure/app-service-mobile/app-service-mobile-how-to-configure-active-directory-authentication#optional-configure-a-native-client-application

We would like to add more robust support for multiple auth levels in the future. I am placing this item in “unplanned” to be used in future planning sessions.

Thanks!
Alex
Azure App Service Team

3 comments

Sign in
(thinking…)
Sign in with: Microsoft
Signed in as (Sign out)
Submitting...
  • Adam commented  ·   ·  Flag as inappropriate

    +1

    This would be really useful to enable the use of traffic manager with a website protected by authentication.

  • Trond Hindenes commented  ·   ·  Flag as inappropriate

    The "authentication enabled" option is great for quick and easy auth-enabling of websites. It would be great if it had pathing support so that I could control which parts of the website got protected and which didn't.

Feedback and Knowledge Base