docs icon indicating copy to clipboard operation
docs copied to clipboard
verified publisher icon auth0

Quickstarts ASP.NET Core Web API v2.0: Authorization; config differences results in always authorized

Open codermrrob opened this issue 7 years ago • 4 comments

When configuring middleware as well described in the quickstart tutorial:

configuring Mvc services in ConfigureServices(IServiceCollection services) with full Mvc with the line services.AddMvc() works fine.

If only Mvc core is required and configured with services.AddMvcCore() then this results in a situation where authorization is always granted to all endpoints.

The solution is straightforward and we also need to add in authorization at this point with:

services.AddMvcCore()
     .AddAuthorization();

and authorization will work correctly.

This can be a small addition to the quickstart and can save many hours of time, or worse.

codermrrob avatar Dec 25 '18 06:12 codermrrob

@damieng does this add value, make sense to add?

cocojoe avatar Nov 18 '19 21:11 cocojoe

Yes, I'm surprised .AddAuthorization wasn't in the quick-start already.

damieng avatar Nov 18 '19 21:11 damieng

@damieng was this added? not clear if you were taking action. If so please close this issue when confirmed.

cocojoe avatar Nov 26 '19 12:11 cocojoe

Where are you seeing AddMvcCore in the quickstarts? I can only see AddMvc which includes Authorization functionality and doesn't need it brought in separately.

damieng avatar Nov 26 '19 15:11 damieng