Merge pull request #9231 from abpframework/maliming/AllowAnonymous

Skip authenticate when action allow anonymous.

framework/src/Volo.Abp.AspNetCore.Mvc/Volo/Abp/AspNetCore/Mvc/AspNetCoreApiDescriptionModelProvider.cs

@@ -4,6 +4,7 @@ using System.Linq;
 using System.Reflection;
 using System.Text;
 using JetBrains.Annotations;
+using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Mvc;
 using Microsoft.AspNetCore.Mvc.Abstractions;
 using Microsoft.AspNetCore.Mvc.ApiExplorer;
@@ -102,6 +103,16 @@ namespace Volo.Abp.AspNetCore.Mvc
 
             Logger.LogDebug($"ActionApiDescriptionModel.Create: {controllerModel.ControllerName}.{uniqueMethodName}");
 
+            bool? allowAnonymous = null;
+            if (apiDescription.ActionDescriptor.EndpointMetadata.Any(x => x is IAllowAnonymous))
+            {
+                allowAnonymous = true;
+            }
+            else if (apiDescription.ActionDescriptor.EndpointMetadata.Any(x => x is IAuthorizeData))
+            {
+                allowAnonymous = false;
+            }
+
             var actionModel = controllerModel.AddAction(
                 uniqueMethodName,
                 ActionApiDescriptionModel.Create(
@@ -109,7 +120,8 @@ namespace Volo.Abp.AspNetCore.Mvc
                     method,
                     apiDescription.RelativePath,
                     apiDescription.HttpMethod,
-                    GetSupportedVersions(controllerType, method, setting)
+                    GetSupportedVersions(controllerType, method, setting),
+                    allowAnonymous
                 )
             );
 

framework/src/Volo.Abp.Http.Client/Volo/Abp/Http/Client/DynamicProxying/DynamicHttpProxyInterceptor.cs

@@ -156,14 +156,17 @@ namespace Volo.Abp.Http.Client.DynamicProxying
 
             AddHeaders(invocation, action, requestMessage, apiVersion);
 
-            await ClientAuthenticator.Authenticate(
+            if (action.AllowAnonymous != true)
-                new RemoteServiceHttpClientAuthenticateContext(
+            {
-                    client,
+                await ClientAuthenticator.Authenticate(
-                    requestMessage,
+                    new RemoteServiceHttpClientAuthenticateContext(
-                    remoteServiceConfig,
+                        client,
-                    clientConfig.RemoteServiceName
+                        requestMessage,
-                )
+                        remoteServiceConfig,
-            );
+                        clientConfig.RemoteServiceName
+                    )
+                );
+            }
 
             var response = await client.SendAsync(
                 requestMessage,

framework/src/Volo.Abp.Http/Volo/Abp/Http/Modeling/ActionApiDescriptionModel.cs

@@ -26,12 +26,14 @@ namespace Volo.Abp.Http.Modeling
 
         public ReturnValueApiDescriptionModel ReturnValue { get; set; }
 
+        public bool? AllowAnonymous { get; set; }
+
         public ActionApiDescriptionModel()
         {
 
         }
 
-        public static ActionApiDescriptionModel Create([NotNull] string uniqueName, [NotNull] MethodInfo method, [NotNull] string url, [CanBeNull] string httpMethod, [NotNull] IList<string> supportedVersions)
+        public static ActionApiDescriptionModel Create([NotNull] string uniqueName, [NotNull] MethodInfo method, [NotNull] string url, [CanBeNull] string httpMethod, [NotNull] IList<string> supportedVersions, bool? allowAnonymous = null)
         {
             Check.NotNull(uniqueName, nameof(uniqueName));
             Check.NotNull(method, nameof(method));
@@ -50,7 +52,8 @@ namespace Volo.Abp.Http.Modeling
                     .GetParameters()
                     .Select(MethodParameterApiDescriptionModel.Create)
                     .ToList(),
-                SupportedVersions = supportedVersions
+                SupportedVersions = supportedVersions,
+                AllowAnonymous = allowAnonymous
             };
         }