A little background for this question: we have configured an OnTokenValidated
event for our preferred Authorization scheme in the following fashion.
public void ConfigureServices(IServiceCollection services)
{
    services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
        .AddJwtBearer(builder =>
        {
            builder.Events = new JwtBearerEvents
            {
                // Runs after the bearer token has passed validation.
                OnTokenValidated = ctx =>
                {
                    DoSomething(ctx);
                    return Task.CompletedTask;
                }
            };
        });
}
But there are some Controller actions where we don't want this event to be triggered. However, we found that even if the controller has [AllowAnonymous], if a Bearer token is provided, the token will still be verified and this event is triggered.
Is there another mechanism to instruct the ASP.NET Core middleware to skip validating a token, even if it is provided?
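
The behaviour described above follows from the authentication middleware running the default scheme's handler on every request, while [AllowAnonymous] only affects authorization. The following is an added example, not code from the original post: one way to make the JWT bearer handler skip the token when the matched endpoint carries [AllowAnonymous]. It assumes ASP.NET Core 3.0 or later with endpoint routing and `UseRouting()` placed before `UseAuthentication()`; the class and method names are hypothetical.

```csharp
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Http;
using Microsoft.Extensions.DependencyInjection;

// Hypothetical helper class; call services.AddAnonymousAwareJwtBearer()
// from ConfigureServices in place of the registration in the question.
public static class AnonymousAwareJwtBearer
{
    public static IServiceCollection AddAnonymousAwareJwtBearer(
        this IServiceCollection services)
    {
        services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
            .AddJwtBearer(options =>
            {
                options.Events = new JwtBearerEvents
                {
                    // Fires before the handler reads or validates the token.
                    OnMessageReceived = ctx =>
                    {
                        // The endpoint is only known here if UseRouting()
                        // ran earlier in the pipeline (assumption).
                        var endpoint = ctx.HttpContext.GetEndpoint();
                        if (endpoint?.Metadata.GetMetadata<IAllowAnonymous>() != null)
                        {
                            // End authentication with "no result": the token
                            // is not validated and OnTokenValidated never runs.
                            ctx.NoResult();
                        }
                        return Task.CompletedTask;
                    },
                    OnTokenValidated = ctx =>
                    {
                        // Only reached for endpoints without [AllowAnonymous];
                        // the question's DoSomething(ctx) would go here.
                        return Task.CompletedTask;
                    }
                };
            });
        return services;
    }
}
```

With this in place, HttpContext.User stays unauthenticated on [AllowAnonymous] actions even when a valid token is sent, so those actions must not make decisions based on the caller's claims.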