How can I avoid static files from being authenticated?
For every request on a static file (images, .js, .css, etc) a message is logged with "AuthenticationScheme: "Bearer" was not authenticated.". Although the message is just logged when the configuration is set to debug, the resources wasted on this are just unnecessary.
Everything works fine, I just want to avoid checking authentication on these requests. Is there a way to disabled this? I've tried several variations on where the authentication is set on the Configure method, but nothing worked.
This is my current configuration:
public void Configure(IApplicationBuilder app, IHostingEnvironment env)
{
var locOptions = app.ApplicationServices.GetService<IOptions<RequestLocalizationOptions>>();
app.UseRequestLocalization(locOptions.Value);
if (env.IsDevelopment())
{
app.UseDeveloperExceptionPage();
}
else
{
app.UseExceptionHandler("/Error");
}
app.UseStaticFiles();
app.UseSpaStaticFiles();
app.UseCors("default");
app.UseAuthentication();
app.UseMvc(routes =>
{
routes.MapRoute(
name: "default",
template: "{controller}/{action=Index}/{id?}");
});
app.UseSpa(spa =>
{
spa.Options.SourcePath = "ClientApp";
if (env.IsDevelopment())
{
spa.UseReactDevelopmentServer(npmScript: "start");
}
});
DataAccessLayer.WebHelpers.Configure(app.ApplicationServices.GetRequiredService<IHttpContextAccessor>());
}
Ok, got it by branching the request pipeline, applying authorization to '/api' path only:
//app.UseAuthentication();
app.MapWhen(x => x.Request.Path.Value.StartsWith("/api"), builder =>
{
builder.UseAuthentication();
builder.UseMvcWithDefaultRoute();
});
app.MapWhen(x => !x.Request.Path.Value.StartsWith("/api"), builder =>
{
builder.UseMvcWithDefaultRoute();
builder.UseSpa(spa =>
{
spa.Options.SourcePath = "ClientApp";
if (env.IsDevelopment())
{
spa.UseReactDevelopmentServer(npmScript: "start");
}
});
});