Azure AD allow anonymous

Question

Is it possible to use the AllowAnonymous attribute with Windows Azure AD?

I need a part of my web api to be anonymous, but not the actual website.

Any ideas?

Answer 1

Azure AD does not need to support anonymous auth for you to be able to use the AllowAnonymous attribute in your WebAPI.

I believe what you desire is unauthenticated access to some controllers of the WebAPI. It is possible. See this .Net sample: https://github.com/AzureADSamples/WebAPI-ManuallyValidateJwt-DotNet/blob/master/TodoListService-ManualJwt/Global.asax.cs. It validates the token and sets the Thread.CurrentPrincipal if the token is valid and returns an error if it can't find a token.

For your WebAPI

• you wont return an error here - but instead not set the Thread.CurrentPrincipal when no token is present.
• then you will decorate your controllers with Authorize and AllowAnonymous attributes to disallow or allow anonymous access.