identityserver4 - AllowAnonymous Attribute overridden by IdentityServer Authentication .Net core -

so have asp.net core 1.1 webapi secured identityserver4. works perfectly. however, trying allow controllers accessed without bearer token.

in past add [allowanonymous] controller or end-point, seems identityserver's authentication takes precedence.

i keep getting: "identityserver4.accesstokenvalidation.infrastructure.nopauthenticationmiddleware:information: bearer not authenticated. failure message: no token found."

i want add error received in api's logging , not in identityserver's logging

initially thought relate this: https://github.com/microsoft/aspnet-api-versioning/issues/143 . however, when downgraded 1.0.3 of asp.net core still happens.

anyone know how can around this?

this not error message - says no token found - totally ok.

the request flow anonymously controllers.