当在 ASP.NET 核心 3 中设置身份验证回退策略时,允许匿名访问健康检查端点

Allow anonymouos access to healthcheck endpoint when authentication fallback policy is set in ASP.NET Core 3

asp.net 核心 3 允许设置 FallbackPolicy 以使端点默认安全:

            services.AddAuthorization(options =>
            {
                options.FallbackPolicy = new AuthorizationPolicyBuilder()
                    .RequireAuthenticatedUser()
                    .Build();
            });

这是一个很棒的功能,但我也有一个 HealthCheck 端点,现在需要授权。

            services.AddHealthChecks();
            [...]
            app.UseEndpoints(endpoints => {
                endpoints.MapHealthChecks("/health");
                endpoints.MapControllers();
            });

如何允许匿名访问 HealthCheck 端点(无身份验证或授权)?

您可以在使用 AuthenticationMiddleware 之前调用 HealthCheckMiddleware:

app.Map("/health",appbuilder =>{
    appbuilder.UseMiddleware<HealthCheckMiddleware>();
});
// or 
// app.UseHealthChecks("/health");


app.UseRouting();
// make sure the authentication middleware runs after the health check middleware
app.UseAuthentication();
app.UseAuthorization();

app.UseEndpoints(endpoints =>
{
    endpoints.MapControllerRoute(
        name: "default",
        pattern: "{controller=Home}/{action=Index}/{id?}");
});

我 运行 遇到了完全相同的问题所以我希望这有助于作为一种更令人满意的实现方式:

        app.UseEndpoints(endpoints =>
        {
            endpoints.MapDefaultControllerRoute().RequireAuthorization();

            endpoints.MapHealthChecks("/health").WithMetadata(new AllowAnonymousAttribute());

        });

从 .NET 5 开始,有一个 new 更清晰的方法 - AllowAnonymous()

app.UseEndpoints(endpoints =>
    {
        endpoints.MapHealthChecks("/health").AllowAnonymous();
    });