Closed
Description
Hi @mihirdilip,
While testing I noticed that [AllowAnonymouse] attribute is being ignored - meaning that regardless if the attribute is present or not authentication process is still being performed.
The problem is with HandleAuthenticateAsync() not taking into consideration the presence of the attribute. I thought about updating the code and doing a pull request, but because it is targeting .NET 4.6, .NET Core 3.0 / 3.1 & .NET Standard 2.0 not sure how to handle it properly for .NET 4.6 and .NET Standard 2.0.
In .NET Core 3.0 and above following needs to be added to line 42 in ApiKeyHandlerBase.cs class:
protected override async Task<AuthenticateResult> HandleAuthenticateAsync()
{
// skip authentication if endpoint has [AllowAnonymous] attribute
var endpoint = Context.GetEndpoint();`
if (endpoint?.Metadata?.GetMetadata<IAllowAnonymous>() != null)
return AuthenticateResult.NoResult();
var apiKey = string.Empty;`
...
}
I hope above will be helpful in addressing the issue and please feel free to contact me if I can be any help for you.
Thanks
Metadata
Metadata
Assignees
Labels
No labels