Update RequireAuthenticatedUser policy to 3.1

Omegapoint / rest-sec-net

Course on secure REST API in ASP.NET Core 2, C#

MIT License

1 stars 0 forks source link

Update RequireAuthenticatedUser policy to 3.1 #17

Open altenstedt opened 4 years ago

altenstedt commented 4 years ago

There is updated guidance from Microsoft for 3.1 on how to setup a policy that require all API calls to be authenticated.

We should:

Setup a fallback policy with AddAuthorization
Setup require authenticated user on controller mapping

https://docs.microsoft.com/en-us/aspnet/core/migration/22-to-30?WT.mc_id=-blog-scottha&view=aspnetcore-3.1&tabs=visual-studio

TobiasAhnoff commented 4 years ago

Good to demonstrate order of middlewares and how RequireAuthorization(), AllowAnanymous and Authorize attributes works together with default and fallback policy (even if we do not use policies and the Authorize-attribute later on, it is good to know this from the start)