0

I've enabled Windows authentication as described here

It all works fine, there's just a tiny issue: Doing so makes every controller method protected by windows authentication. NO problem I thought, just use the [AllowAnonymous] adorner on the few controller methods where anonymous access is okay, but that won't work.

Is there any way to get the self-host to not authorized every method on every controller?

user3566056
  • 224
  • 1
  • 12

1 Answers1

2

You have to enable Windows auth and anonymous auth. documentation. As is, you have told Owin to require Windows auth and disallow anything else.

In the code you cited, you would change this:

listener.AuthenticationSchemes = AuthenticationSchemes.IntegratedWindowsAuthentication 
                               | AuthenticationSchemes.Anonymous;
  • Not only does this work, it also enables the [Authorize] flag to work as expected so I can now freely decide which controllers / controller methods should authorize and which should not. – user3566056 Aug 04 '17 at 07:58