2
votes

This element appears in the documentation of adding REST services to B2C, e.g.: https://docs.microsoft.com/en-us/azure/active-directory-b2c/active-directory-b2c-custom-rest-api-netfw

I am not clear what it means.


1 Answer

5
votes

Given that it isn't the best practice to allow anonymous authentication from Azure AD B2C to a REST API -- although anonymous authentication might be needed for a REST API that doesn't support secure authentication -- then the AllowInsecureAuthInProduction setting has to be added (as a "fail-closed" switch) to enable you to set the AuthenticationType setting to None.

Therefore, the following settings are valid:

<Metadata>
  <Item Key="AllowInsecureAuthInProduction">true</Item>
  <Item Key="AuthenticationType">None</Item>
</Metadata>

And, the following settings are invalid:

<Metadata>
  <Item Key="AllowInsecureAuthInProduction">false</Item>
  <Item Key="AuthenticationType">None</Item>
</Metadata>
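
An added example, not part of the answer above or of Microsoft's documentation: a small Python check that applies the valid/invalid rule from the answer to every technical profile in a policy file you maintain. The sample policy is constructed and simplified, the profile Ids and the status labels are hypothetical, and treating a missing AllowInsecureAuthInProduction item like "false" is an assumption.

```python
import xml.etree.ElementTree as ET

# Constructed policy fragment for illustration; the profile Ids are hypothetical.
SAMPLE_POLICY = """\
<TrustFrameworkPolicy xmlns="http://schemas.microsoft.com/online/cpim/schemas/2013/06">
  <TechnicalProfile Id="REST-OptedIn">
    <Metadata>
      <Item Key="AllowInsecureAuthInProduction">true</Item>
      <Item Key="AuthenticationType">None</Item>
    </Metadata>
  </TechnicalProfile>
  <TechnicalProfile Id="REST-SwitchOff">
    <Metadata>
      <Item Key="AllowInsecureAuthInProduction">false</Item>
      <Item Key="AuthenticationType">None</Item>
    </Metadata>
  </TechnicalProfile>
  <TechnicalProfile Id="REST-SwitchMissing">
    <Metadata><Item Key="AuthenticationType">None</Item></Metadata>
  </TechnicalProfile>
  <TechnicalProfile Id="REST-Basic">
    <Metadata><Item Key="AuthenticationType">Basic</Item></Metadata>
  </TechnicalProfile>
</TrustFrameworkPolicy>
"""

def _local(tag):
    """Strip the XML namespace so the check works with or without xmlns."""
    return tag.rsplit("}", 1)[-1]

def audit_policy(xml_text):
    """Map each technical profile Id to 'authenticated', 'insecure-opted-in' or 'invalid'."""
    results = {}
    for tp in ET.fromstring(xml_text).iter():
        if _local(tp.tag) != "TechnicalProfile":
            continue
        meta = {item.get("Key"): (item.text or "").strip()
                for block in tp if _local(block.tag) == "Metadata"
                for item in block if _local(item.tag) == "Item"}
        if "AuthenticationType" not in meta:
            continue  # nothing to check on this profile
        if meta["AuthenticationType"].lower() != "none":
            results[tp.get("Id")] = "authenticated"
        elif meta.get("AllowInsecureAuthInProduction", "").lower() == "true":
            results[tp.get("Id")] = "insecure-opted-in"  # valid, but review it
        else:
            # Assumption: a missing switch is treated like "false".
            results[tp.get("Id")] = "invalid"
    return results

if __name__ == "__main__":
    for profile_id, status in audit_policy(SAMPLE_POLICY).items():
        print(f"{profile_id}: {status}")
```

Profiles reported as insecure-opted-in are the ones where the REST call goes out unauthenticated by explicit choice, so they are the list to review before a production deployment.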