'.net core API controller does not process identity authentication and authorization
I have a .NETcore MVC project contains controller and API controllers in the same site, which uses basic identity authentication / authorization. The API controllers is designed for local view or potential for other application. I would expect Javascript in local view could call API by passing in the authentication info (which can be seen in the header: aspNetCore.Identity.Application). However, it never reached API and returned 401 error. The same design worked in ASP.NET but broke in ASP.net core.
The following are the attributes of the controller. If I set it to [AllowAnonymous], the User info is not set at all.
[Route("api/[controller]")]
[ApiController]
[Authorize(AuthenticationSchemes = JwtBearerDefaults.AuthenticationScheme)]
[Authorize(Roles = "Admin,User")]
Solution 1:[1]
I figured out how to do this. In the controller, AuthenticationSchemes
can be assigned to multiple authentication schemas.
Sources
This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.
Source: Stack Overflow
Solution | Source |
---|---|
Solution 1 | Jeremy Caney |