AllowAnonymous being ignored in HandleAuthenticateAsync() method #15

Closed
haykpetros opened this issue Nov 30, 2020 · 3 comments

@haykpetros

Hi @mihirdilip,

While testing I noticed that the [AllowAnonymous] attribute is being ignored, meaning that regardless of whether the attribute is present or not, the authentication process is still being performed.

The problem is with HandleAuthenticateAsync() not taking into consideration the presence of the attribute. I thought about updating the code and doing a pull request, but because it is targeting .NET 4.6, .NET Core 3.0 / 3.1 & .NET Standard 2.0, I am not sure how to handle it properly for .NET 4.6 and .NET Standard 2.0.

In .NET Core 3.0 and above, the following needs to be added to line 42 in the ApiKeyHandlerBase.cs class:

protected override async Task<AuthenticateResult> HandleAuthenticateAsync()
{
    // skip authentication if endpoint has [AllowAnonymous] attribute
    var endpoint = Context.GetEndpoint();
    if (endpoint?.Metadata?.GetMetadata<IAllowAnonymous>() != null)
        return AuthenticateResult.NoResult();

    var apiKey = string.Empty;
    ...
}

I hope the above will be helpful in addressing the issue, and please feel free to contact me if I can be of any help to you.

Thanks

@mihirdilip
Owner

Hi @haykpetros,

Thanks for testing it out. Sorry, I am not ignoring this issue, it is just that I did not have time to look into this. I will hopefully be able to have a look over the weekend. Meanwhile, I have not seen any other authentication handler (e.g. JwtBearerHandler) checking for the AllowAnonymous attribute, as it is assumed and should be handled by the aspnetcore pipeline framework and the control should never reach this handler at all. Anyhow, I will investigate this one soon.

Regards,
Mihir

@mihirdilip
Owner

Hi @haykpetros,

Investigating this matter, it was concluded that the AllowAnonymous (filter) attribute is meant to be used for Authorization and not Authentication as per the asp-net-core framework implementation. However, as per your suggestion above, I have added an option IgnoreAuthenticationIfAllowAnonymous which can be enabled to ignore any authentication validation. Please check out the latest code here.

Also, released the latest NuGet package with net5 support.

Regards,
Mihir
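
An added example, not part of the thread and not the library's own code: a minimal ASP.NET Core handler showing the opt-in skip discussed above, where [AllowAnonymous] endpoint metadata short-circuits authentication only when the option is enabled. `DemoApiKeyOptions`, `DemoApiKeyHandler`, `ExpectedKey`, the `X-API-KEY` header and the sample key are assumptions for illustration; it assumes ASP.NET Core 3.x/5 with endpoint routing.

```csharp
using System.Security.Claims;
using System.Security.Cryptography;
using System.Text;
using System.Text.Encodings.Web;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Http;
using Microsoft.Extensions.Logging;
using Microsoft.Extensions.Options;

public class DemoApiKeyOptions : AuthenticationSchemeOptions
{
    // Opt-in and off by default: the handler authenticates unless told otherwise.
    public bool IgnoreAuthenticationIfAllowAnonymous { get; set; }
    public string ExpectedKey { get; set; } = "constructed-demo-key"; // sample value
}

public class DemoApiKeyHandler : AuthenticationHandler<DemoApiKeyOptions>
{
    public DemoApiKeyHandler(IOptionsMonitor<DemoApiKeyOptions> options,
        ILoggerFactory logger, UrlEncoder encoder, ISystemClock clock)
        : base(options, logger, encoder, clock) { }

    protected override Task<AuthenticateResult> HandleAuthenticateAsync()
    {
        // GetEndpoint() returns null until routing has run, so UseRouting()
        // must precede UseAuthentication() for this check to see the metadata.
        var endpoint = Context.GetEndpoint();
        if (Options.IgnoreAuthenticationIfAllowAnonymous
            && endpoint?.Metadata.GetMetadata<IAllowAnonymous>() != null)
        {
            // Context.User stays anonymous here even if a valid key was sent.
            return Task.FromResult(AuthenticateResult.NoResult());
        }

        if (!Request.Headers.TryGetValue("X-API-KEY", out var sent) || sent.Count != 1)
            return Task.FromResult(AuthenticateResult.NoResult());

        // Constant-time comparison against the configured sample key.
        var match = CryptographicOperations.FixedTimeEquals(
            Encoding.UTF8.GetBytes(sent[0]), Encoding.UTF8.GetBytes(Options.ExpectedKey));
        if (!match)
            return Task.FromResult(AuthenticateResult.Fail("Invalid API key."));
        var principal = new ClaimsPrincipal(new ClaimsIdentity(Scheme.Name));
        var ticket = new AuthenticationTicket(principal, Scheme.Name);
        return Task.FromResult(AuthenticateResult.Success(ticket));
    }
}
```

With the option left at its default, an invalid key on an [AllowAnonymous] endpoint still produces a failed authentication result, but authorization lets the request through; enabling the option only avoids the key check and its logging on those endpoints.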

@mihirdilip
Owner

Assuming it solves the problem, I am closing this issue.
