Tel Map


ASP.NET Core 2.0 Disable Authentication in Development Environment

This article describes how to disable authentication for ASP.NET Core 2.0.

ASP.NET Core JWT Authentication

I have some Rest API which I want to protect via JwtBearer token in production e.g.


However in order to test the API, for development I totally want to disable authentication without having to remove all Authorizes in the Controllers.

First Attempt

If you however try something like this:

you will run into the following error:

An unhandled exception occurred while processing the request.

InvalidOperationException: No authenticationScheme was specified, and there was no DefaultChallengeScheme found.


It took the quite some time to figure out a valid solution. And it is very simpe as well…
What I ended up doing is this:


Now everyone can access the API in development. Hope this helps someone solve this problem.

If you have any questions or further information, please leave a comment below.


19 Replies to “ASP.NET Core 2.0 Disable Authentication in Development Environment”

  1. Martin Navarrete

    Thank you man, I was looking for any solution for this, it was very simple with your explanation but another think to add is that if you are putting the code into the ConfigureServices method you have to declare an use the IHostingEnvironment variable in the Startup constructor.

  2. Stone Robertson

    This technique is indeed simple and elegant. Worked great for me! As Martin N. pointed out, you will not have access to the IHostingEnvironment object in ConfigureServices, so don’t forget to add it as a constructor param for DI.

  3. Sebastian Lindner Post author

    It is IHostingEnvironment env injected into the Configure method by the dependency injection.

  4. Simon Elms

    I, like several others by the looks of things, was confused about where “env” came from, given that the code snippets appeared to be from the Startup.ConfigureServices method which doesn’t have an env parameter.

    Martin Navarrete put me on the right track, you need to add an IHostingEnvironment parameter to the Startup class constructor, then pass that value to a property you can access in the ConfigureServices method.

    Similar to:

    public class Startup
    public IConfiguration Configuration { get; }
    public IHostingEnvironment Environment { get; }

    public Startup(IConfiguration configuration, IHostingEnvironment environment)
    Configuration = configuration;
    Environment = environment;

    public IServiceProvider ConfigureServices(IServiceCollection services)

    services.AddMvc(options =>
    if (Environment.IsDevelopment())
    options.Filters.Add(new AllowAnonymousFilter());

    // Set other options here. For example:
    options.ModelBinderProviders.Insert(0, new UTCDateTimeModelBinderProvider());



  5. Simon Elms

    Whoops, tab indents were stripped, making my code sample a little hard to read. Trying again with spaces instead of tabs:

  6. Pingback: ASP.NET Core disable authentication in development environment - Code Utility - Code Utility

Leave a Reply

Your email address will not be published. Required fields are marked *