AllowAnonymous with .NET MVC and OWIN context

Question

I have .NET MVC application with OWIN Middleware.

The issue I'm facing right now is I'm not able by pass middleware logic for AllowAnonymous.

By default all the requests are forwarded to Middleware and I've to bypass some of the public requests from this middleware.

here is some of my code, it also contains commented code with what I tried so far.

public override async Task Invoke(IOwinContext context)
{
    try
    {
        // I tried this below code but not able to make it working as my context is owin 

        // var anonActionAttributes = context.ActionDescriptor.GetCustomAttributes(typeof(System.Web.Mvc.AllowAnonymousAttribute), true);
        // bool hasAllowAnonymous = context.ActionDescriptor.GetCustomAttributes(typeof(AllowAnonymousAttribute)).Any();
        // var allowAnonymous = context.ActionDescriptor.EndpointMetadata.OfType<AllowAnonymousAttribute>().Any();
        
        var token = context.Request.Cookies["token"];
        
        if (!string.IsNullOrEmpty(token))
        {
            
        }
    }
    catch (Exception ex)
    {       
        Log.Error(ex);
    }

    await Next.Invoke(context);
}

I'm struggling with the same issue. I'm writing custom OWIN middleware that needs to determine whether the endpoint being requested is decorated with [AllowAnonymous]. The closest I've come so far is that the user claims collection in the OwinContext for endpoints with AllowAnonymous has a single claim issued by "LOCAL AUTHORITY", whereas requests to protected endpoints contain all of the user's claims (from the incoming bearer token in this case) Seems like there should be a simpler and more universal way to find this within the IOwinContext object — Chris Brenberg, Mar 15 '23 at 17:28

AllowAnonymous with .NET MVC and OWIN context

0 Answers0