My question is does AuthenticationHandler or a derived AuthenticationHandler is been invoked on AllowAnonymous routes?
In our application we use custom authentication flows for the applications. All of those flows include default Bearer Authentication as our custom authentication handler that extends on JwtBearerHandler (Well at least this is a plan for the implementation)
public class ApplicationAuthenticationHandler : JwtBearerHandler
Before digging deeper into this I wanted to understand if these handlers will be invoked on AllowAnonymous routes or I would have to check for those routes manually or perhaps register Authentication in some custom way for these handlers not to be triggered on those routes.
Thank you!
To answer my own question, as long as you use UseAuthentication default or custom authentication handlers will be triggered even on AllowAnonymous. So you you would have to handle your allow anonyms routes in side of your custom authentication handler if you need to authentication user in any other way other than default handlers.