API Apps with AllowAnonymous
Have a mix of authentication levels for different endpoints in the underlying Web API?
API App to have access level of 'Public (authenticated)' but one of the endpoints needs to be accessible as an anonymous user. Previously I would have just applied the AllowAnonymous attribute on the method, but the gateway still intercepts and returns an unauthenticated response.
Would be great to mark a specific method as allowing anonymous and the default behaviour to respect the gateway authentication level.
Thank you for your feedback!
Right now the workaround is to set your authentication/authorization option to enabled, but set the action for unauthenticated requests to “allow.” Then manually redirect unauthenticated requests to the secured endpoints to the authorization flow at /.auth/login/done.
We would like to add more robust support for multiple auth levels in the future. I am placing this item in “unplanned” to be used in future planning sessions.
Azure App Service Team
I like this idea and would see it allowed because I have the same issue.