'.net core API controller does not process identity authentication and authorization

I have a .NETcore MVC project contains controller and API controllers in the same site, which uses basic identity authentication / authorization. The API controllers is designed for local view or potential for other application. I would expect Javascript in local view could call API by passing in the authentication info (which can be seen in the header: aspNetCore.Identity.Application). However, it never reached API and returned 401 error. The same design worked in ASP.NET but broke in ASP.net core.

The following are the attributes of the controller. If I set it to [AllowAnonymous], the User info is not set at all.

[Route("api/[controller]")]

[ApiController]

[Authorize(AuthenticationSchemes = JwtBearerDefaults.AuthenticationScheme)]

[Authorize(Roles = "Admin,User")]


Solution 1:[1]

I figured out how to do this. In the controller, AuthenticationSchemes can be assigned to multiple authentication schemas.

Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source
Solution 1 Jeremy Caney