0

If we want our ASP.NET Core application to use the default authorization policy on all actions, except X actions, how would we do that, other than defining separate policies/using an Authorization Filter that will filter them based on the request's URI?

To add the default policy to all our endpoints, we can do the following in ConfigureServices method:

app.UseEndpoints(endpoints =>
            {
                endpoints.MapControllers()
                .RequireAuthorization();
            });
SpiritBob
  • 2,355
  • 3
  • 24
  • 62

1 Answers1

-1

You can use [AllowAnonymous] above the X actions where you do not want authorization

Bhupesh Khandelwal
  • 71
  • 6
  • That implies no authorization at all will be used on those X actions. I'm asking about making an **exception** to the authorizations we'll be adding, not making them void of any. – SpiritBob Feb 24 '20 at 16:01