With an Azure API App, is there a way to have a mix of authentication levels for different endpoints in the underlying Web API?
I want the API App to have access level of 'Public (authenticated)' but one of the endpoints needs to be accessible as an anonymous user. Previously I would have just applied the AllowAnonymous attribute on the method, but the gateway still intercepts and returns an unauthenticated response.
The only other thing I can think of is to set the API App to 'Public (anonymous)' and then use the usual Authorize attribute on the Web API, but not entirely sure how this would play out with the Gateway handling authentication in the Azure App Service model.
Unfortunately, there isn't a way to do this today, unless you handle the authentication yourself, just like you described.
You'll still get all the benefits of App Service and Swagger but just not the Authentication on the Gateway.
This is a good suggestion to track, please post your ideas at our Uservoice feedback forum