Azure authorization - let unauthenticated user call api

Question

I have .net core rest api with azure. I have configured azure authentication for my rest api. I want to add second way to login by passing token in headers. On azure I changed configuration so now application is set to "allow unauthenticated access". I also added middleware logic to check if token is present in headers, then validate token, add user to http context. Locally it works perfectly, but when I deploy it to azure I have problem. No matter what request I send, with or without token I'm always getting redirected to login page. Is it possible to change this ? I would like to validate token on backend and grant access to application based of token passed in headers. As identity provider I use Microsoft.

score 0 · Answer 1 · answered Dec 13 '21 at 13:01

Please check if any of below are causes :

Please check if the url present in authentication redirect url for azure ad is same as the one present in the code request url /redirect url.
The user is confirmed by the presence of the .AspNetCore.Identity.Application cookie .Authentication middleware reads the cookie and subsequently populates the ClaimsPrincipal.For this the app.UseAuthentication call must be before the UseMvc call.So make sure to use app.UseAuthentication() before app.UseMvc() or app.UseAuthorization() and app.UseEndpoints(…).Use cookie authentication without ASP.NET Core Identity | Microsoft Docs
If everything is working locally ,try to set your login redirect to ~/.auth/login/aad?post_login_redirect_url=/api/protectedcontroller/action, and the user will be redirected to this page if login is successful .See this
Also check if you have configured scope for azure ad in code after exposing the api and if you need to inject token header to retrieve token. Have a look at this Tutorial

Please check these References:

Azure authorization - let unauthenticated user call api

1 Answers1