Open altenstedt opened 4 years ago
Good to demonstrate order of middlewares and how RequireAuthorization(), AllowAnanymous and Authorize attributes works together with default and fallback policy (even if we do not use policies and the Authorize-attribute later on, it is good to know this from the start)
There is updated guidance from Microsoft for 3.1 on how to setup a policy that require all API calls to be authenticated.
We should:
AddAuthorization
https://docs.microsoft.com/en-us/aspnet/core/migration/22-to-30?WT.mc_id=-blog-scottha&view=aspnetcore-3.1&tabs=visual-studio