respect allowanonymous on scim auth (#2173)

bitwarden_license/src/Scim/Controllers/InfoController.cs

@@ -1,8 +1,10 @@
 using Bit.Core.Utilities;
+using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Mvc;
 
 namespace Bit.Scim.Controllers
 {
+    [AllowAnonymous]
     public class InfoController : Controller
     {
         [HttpGet("~/alive")]

bitwarden_license/src/Scim/Utilities/ApiKeyAuthenticationHandler.cs

@@ -5,6 +5,7 @@ using Bit.Core.Repositories;
 using Bit.Scim.Context;
 using IdentityModel;
 using Microsoft.AspNetCore.Authentication;
+using Microsoft.AspNetCore.Authorization;
 using Microsoft.Extensions.Options;
 
 namespace Bit.Scim.Utilities
@@ -32,6 +33,12 @@ namespace Bit.Scim.Utilities
 
         protected override async Task<AuthenticateResult> HandleAuthenticateAsync()
         {
+            var endpoint = Context.GetEndpoint();
+            if (endpoint?.Metadata?.GetMetadata<IAllowAnonymous>() != null)
+            {
+                return AuthenticateResult.NoResult();
+            }
+
             if (!_scimContext.OrganizationId.HasValue || _scimContext.Organization == null)
             {
                 Logger.LogWarning("No organization.");