Remove Authorize rule for specific API call

Question

I have a WEB Api controller, that has the [Authorize] tag at the top of the controller - which means all API in this class will have this rule applied. Like this:

    [Authorize]
    [RoutePrefix("api/v1/route")]
        public class ItemController : ApiController
    {
/// Etc...

My issue is that for a specific call within this class, I do not want this Auth rule to apply. I am sure I have seen a way of doing this before, but for all my googling I cannot find it. I think it is something like this:

        [HttpPost]
        [Route("singleCall")]
        [NOTAUTH]//whatever should go in here
        public void Log()
        {

Any ideas???

if you leave api without `[Authorize]` then such api treated as `[AllowAnonymous]` no need to add such attribute — er-sho, Mar 12 '19 at 12:02

score 3 · Accepted Answer · answered Mar 12 '19 at 11:54

3

Take a look at [AllowAnonymous].

This page has some examples.

answered Mar 12 '19 at 11:54

Neil

11,059
3
31
56

score 2 · Answer 2 · answered Mar 12 '19 at 12:04

2

You Can use [AllowAnonymous] Attribute. Please refer to this article in order to know how to use them in conjunction with [Authorize] attribute. ASP.NET MVC AllowAnonymous Attribute and Authorize Attribute

answered Mar 12 '19 at 12:04

Nadeem Khoury

886
6
18

Remove Authorize rule for specific API call

2 Answers2