API Apps with AllowAnonymous
Have a mix of authentication levels for different endpoints in the underlying Web API?
API App to have access level of 'Public (authenticated)' but one of the endpoints needs to be accessible as an anonymous user. Previously I would have just applied the AllowAnonymous attribute on the method, but the gateway still intercepts and returns an unauthenticated response.
Would be great to mark a specific method as allowing anonymous and the default behaviour to respect the gateway authentication level.
Thank you for your feedback!
Right now the workaround is to set your authentication/authorization option to enabled, but set the action for unauthenticated requests to “allow.” Then manually redirect unauthenticated requests to the secured endpoints to the authorization flow at /.auth/login/done.
We would like to add more robust support for multiple auth levels in the future. I am placing this item in “unplanned” to be used in future planning sessions.
Azure App Service Team
This would be really useful to enable the use of traffic manager with a website protected by authentication.
Trond Hindenes commented
The "authentication enabled" option is great for quick and easy auth-enabling of websites. It would be great if it had pathing support so that I could control which parts of the website got protected and which didn't.
I like this idea and would see it allowed because I have the same issue.