How can we improve Microsoft Azure API Apps?

API Apps with AllowAnonymous

Have a mix of authentication levels for different endpoints in the underlying Web API?

API App to have access level of 'Public (authenticated)' but one of the endpoints needs to be accessible as an anonymous user. Previously I would have just applied the AllowAnonymous attribute on the method, but the gateway still intercepts and returns an unauthenticated response.

Would be great to mark a specific method as allowing anonymous and the default behaviour to respect the gateway authentication level.

23 votes
Vote
Sign in
Check!
(thinking…)
Reset
or sign in with
  • facebook
  • google
    Password icon
    I agree to the terms of service
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    Damien PontifexDamien Pontifex shared this idea  ·   ·  Flag idea as inappropriate…  ·  Admin →
    unplanned  ·  Azure App Service TeamAdminAzure App Service Team (Admin, Microsoft Azure) responded  · 

    Thank you for your feedback!

    Right now the workaround is to set your authentication/authorization option to enabled, but set the action for unauthenticated requests to “allow.” Then manually redirect unauthenticated requests to the secured endpoints to the authorization flow at /.auth/login/done.
    https://docs.microsoft.com/en-us/azure/app-service-mobile/app-service-mobile-how-to-configure-active-directory-authentication#optional-configure-a-native-client-application

    We would like to add more robust support for multiple auth levels in the future. I am placing this item in “unplanned” to be used in future planning sessions.

    Thanks!
    Alex
    Azure App Service Team

    1 comment

    Sign in
    Check!
    (thinking…)
    Reset
    or sign in with
    • facebook
    • google
      Password icon
      I agree to the terms of service
      Signed in as (Sign out)
      Submitting...
      • MikeMike commented  ·   ·  Flag as inappropriate

        I like this idea and would see it allowed because I have the same issue.

      Feedback and Knowledge Base