Allow access to single API without Authorization?

Question

I'm sure I'm probably missing something fairly basic, but is there a way to expose ApiController to be accessed without Authorization? Removing [Authorize] or adding [AllowAnonymous] doesn't seem to help.

namespace Backend.Controllers
{
    [MobileAppController, Authorize]
    public class RebuildLocalDatabaseCheckController : ApiController
    {
        [HttpGet, Route("api/LastLocalDatabaseRebuildRequest")]
        [AllowAnonymous]
        public JToken Get()
        {
            return JToken.FromObject(DateTimeOffset.Now);
        }
    }
}

This is for an Azure Mobile App that I've setup for a UWP app. I do want everything else to require authorization, and that part is working fine. I just want to expose this part without needing login from the user.

Answer 1

I have checked your code on my local side and it could work as expected.

For anonymous access, you need to remove the Authorize from your RebuildLocalDatabaseCheckController class for all actions or specify the AllowAnonymous for your specified action. For more details about custom API in azure mobile apps project, you could refer to adrian hall's book here.

Additionally, if you app has been deployed to azure mobile app, for allowing anonymous against your custom API, you need to disable App Service Authentication or enable it with Allow Anonymous requests (no action) as follows:

Additionally, here is a blog about Architecture of Azure App Service Authentication / Authorization, you could refer to it for better understanding of app service authentication / authorization.