Allow anonymouos access to healthcheck endpoint when authentication fallback policy is set in ASP.NET Core 3

I ran into exactly the same issue so I hope this helps as a more satisfactory way of achieving:

        app.UseEndpoints(endpoints =>
        {
            endpoints.MapDefaultControllerRoute().RequireAuthorization();

            endpoints.MapHealthChecks("/health").WithMetadata(new AllowAnonymousAttribute());

        });

You could invoke the HealthCheckMiddleware before using the AuthenticationMiddleware:

app.Map("/health",appbuilder =>{
    appbuilder.UseMiddleware<HealthCheckMiddleware>();
});
// or 
// app.UseHealthChecks("/health");


app.UseRouting();
// make sure the authentication middleware runs after the health check middleware
app.UseAuthentication();
app.UseAuthorization();

app.UseEndpoints(endpoints =>
{
    endpoints.MapControllerRoute(
        name: "default",
        pattern: "{controller=Home}/{action=Index}/{id?}");
});