
Possible to bypass Permission requirements for accessing an API endpoint?

Open rcholic opened this issue 2 years ago • 2 comments

**Problem:** I am trying to create an API endpoint without requiring permissions to access. I created a controller with a method that does not have the MustHavePermission attribute, but it still requires an access token when sending an API request.

**Proposed Solution:** If a method does not have the MustHavePermission attribute, the method should be available for public access without an access token.

rcholic avatar Jun 17 '23 22:06 rcholic

Just use the AllowAnonymous attribute.



dsolteszopyn avatar Jun 17 '23 23:06 dsolteszopyn

@dsolteszopyn answered it. Decorate your Controller with the [AllowAnonymous] attribute! This should work.

zrediet avatar Sep 02 '23 18:09 zrediet
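The behaviour discussed in this thread, as an added example that is not code from the dotnet-starter-kit repository: a minimal ASP.NET Core app in which every controller endpoint requires authorization, so an action with no permission attribute still demands a token, and `[AllowAnonymous]` is the explicit opt-out. The global `RequireAuthorization()` call is an assumption about why the un-attributed action needed a token; `StatusController` and its routes are hypothetical.

```csharp
// Added example, not project code. Assumes an ASP.NET Core 7+ web project
// with the Microsoft.AspNetCore.Authentication.JwtBearer package installed.
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;

var builder = WebApplication.CreateBuilder(args);
builder.Services.AddControllers();
builder.Services
    .AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
    .AddJwtBearer(); // token validation settings come from configuration
builder.Services.AddAuthorization();

var app = builder.Build();
app.UseAuthentication();
app.UseAuthorization();

// Assumption: authorization is required on every controller endpoint.
// With this in place, an action needs a token even when it carries no
// permission attribute at all (secure by default).
app.MapControllers().RequireAuthorization();
app.Run();

[ApiController]
[Route("api/[controller]")]
public class StatusController : ControllerBase // hypothetical controller
{
    // No attribute: still returns 401 without a token,
    // because of the endpoint-wide RequireAuthorization() above.
    [HttpGet("internal")]
    public IActionResult Internal() => Ok("authenticated callers only");

    // Explicit opt-out: reachable without a token.
    [HttpGet("public")]
    [AllowAnonymous]
    public IActionResult Public() => Ok("no token required");
}
```

Putting `[AllowAnonymous]` on the single action rather than on the controller keeps every other action in that controller behind authentication. When `[AllowAnonymous]` and `[Authorize]` apply to the same endpoint, the `[Authorize]` requirement is ignored, so a controller-level `[AllowAnonymous]` opens all of its actions.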