Identityserver4: AllowAnonymous: Bearer was not authenticated. Failure message: No token found.

Created on 15 Aug 2017  路  5Comments  路  Source: IdentityServer/IdentityServer4

I have posted this on stack overflow as I thought it might be a question rather than a bug. Can someone please clarify?

So I have a ASP.NET Core 1.1 WebApi secured with IdentityServer4. This works perfectly. However, I am trying to allow certain controllers to be accessed without a bearer token.

In the past I would just add [AllowAnonymous] to the Controller or the end-point, however it seems like IdentityServer's authentication takes precedence.

I keep getting: "IdentityServer4.AccessTokenValidation.Infrastructure.NopAuthenticationMiddleware:Information: Bearer was not authenticated. Failure message: No token found."

I also want to add that the error is received in the API's logging and not in IdentityServer's Logging

Anyone know how I can get around this?

https://stackoverflow.com/questions/45689743/allowanonymous-attribute-overridden-by-identityserver-authentication-net-core

Initially I thought it could relate to this: https://github.com/Microsoft/aspnet-api-versioning/issues/143 . However, even when I downgraded to 1.0.3 of ASP.Net Core it still happens.

question
Source
picture Thejacques1

All 5 comments

It's a logging info message - that's all.

Your authorization rules are not affected by that.

leastprivilege picture leastprivilege on 20 Aug 2017

Thanks. The info is misleading. My issue was something else but "Failure message....." gave me the wrong impression. This should be re-worded

Thejacques1 picture Thejacques1 on 20 Aug 2017

@leastprivilege "It's a logging info message - that's all." Where is it I will do a PR to not show if anonymous. But I can't find the source.

IdentityServer4.AccessTokenValidation.Infrastructure.NopAuthenticationMiddleware I thought that would be the class but I can't find it.

Searching for "was not authenticated" also comes up empty.

StevenTCramer picture StevenTCramer on 17 Sep 2017

Because it is not coming from us - but from the asp.net core authentication system.

leastprivilege picture leastprivilege on 17 Sep 2017
😕3

This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.

lock[bot] picture lock[bot] on 14 Jan 2020
Was this page helpful?
0 / 5 - 0 ratings

Related issues

mackie1001 picture mackie1001  路  3Comments
osudude picture osudude  路  3Comments
klioqc picture klioqc  路  3Comments
brockallen picture brockallen  路  3Comments
wangkanai picture wangkanai  路  3Comments