Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[2.0] Adding [AllowAnonymous] does not allow Anonymous requests #717

Open
garaydev opened this issue Aug 15, 2022 · 1 comment
Open

[2.0] Adding [AllowAnonymous] does not allow Anonymous requests #717

garaydev opened this issue Aug 15, 2022 · 1 comment
Assignees
@robertmclaws
Milestone
2.0

Comments

@garaydev
Copy link

Hello RESTier Team!

We have an API that uses a global filter to require authenticated requests. However, adding the [AllowAnonymous] attribute on RESTier API methods does not allow anonymous users to invoke the method.

Assemblies affected

Microsoft.Restier.AspNetCore

  • 1.0.0-rc8.20220714.1

Reproduce steps

  1. Add an AllowAnonymous attribute to any ApiBase class.
  2. Now attempt to access any base controller and it will require authentication.

Expected result

Adding AllowAnonymous would allow the global Index API surface to not require valid credentials and/or Claims to be present.

Actual result

The method still requires authentication.
@garaydev garaydev changed the title Adding [AllowAnonymous] does not allow Anonymous requests Adding [AllowAnonymous] does not allow Anonymous requests Aug 15, 2022
@robertmclaws robertmclaws added this to the 2.0 milestone Dec 5, 2023
@robertmclaws
Copy link
Collaborator

We will need to have a set of AuthorizationHandlers that check for the AllowAnonymous attribute on convention-based methods before executing them.

@robertmclaws robertmclaws self-assigned this Dec 5, 2023
@robertmclaws robertmclaws changed the title Adding [AllowAnonymous] does not allow Anonymous requests [2.0] Adding [AllowAnonymous] does not allow Anonymous requests Dec 5, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@robertmclaws robertmclaws

Labels
None yet
Projects
RESTier 2.0
Status: No status
Milestone
2.0
Development

No branches or pull requests
2 participants
@robertmclaws @garaydev