0

Please or Register to create posts and topics.

Authorize attrib on controller does not work out of the box?

Hello,

Normally the attribute [Authorize]   on a controller or method allows only logged in users to access the method.

But i cannot make this work? Is this because i need to add a browser client to the list of wellknown  clients ?

What do i miss?

 

If i have my own controller, CarController and in the Index method i return a json list of strings. And that action i would like to allow only for users that are logged in.

 

Second question, is it easy to change the scheme of this project totally to a simple JWTBearer  ? What need to be changed in the SPA Angular in order to make this work?

I would like the authentication work like this tutorial.

https://fullstackmark.com/post/21/user-authentication-and-identity-with-angular-aspnet-core-and-identityserver

services.AddAuthentication(options =>
{
options.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
options.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
}).AddJwtBearer(o =>
{
o.Authority = "http://localhost:5000";
o.Audience = "resourceapi";
o.RequireHttpsMetadata = false;
});

Thanks,