How can I authorize my web api controller in my web site with Bearer token?

1
votes

I have an Asp.Net MVC core application with standard login functionality. I have added a web api controller to my project. I want to authorize the web api controller with bearer token. But only this controller. The rest of my website must work the way it is now. If I have it set in my startup.cs, I mean Bearer token functionality, that works but it destroy my website. I then get error 401. Is it possible to authorize only a controller with bearer token?

1
asp.net-mvcasp.net-coreasp.net-web-apibearer-token
Yes, you just have to decorate your controller method with the [Authorize] attribute. It will limit the token validation to just that method.Rex
I suggest that you could refer to Selecting the scheme with the Authorize attributeRena

1 Answers

1
votes

Rex's comment is accurate. I'm including a code sample that will get you what you want (assuming JWT).

Startup.cs

public void ConfigureServices(IServiceCollection services)
    {
     services
          .AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
          .AddJwtBearer(options =>
           {
            options.TokenValidationParameters = new TokenValidationParameters
           {
            // omitted
           };
     });

Your controller

[Authorize(ADD OPTIONAL USER SCOPES/POLICIES)]

Add this attribute and pass-in optional scopes to limit access to specific users.