Possible to bypass Permission requirements for accessing an API endpoint?
rcholic opened this issue · comments
** Problem: I am trying to create an API endpoint without requiring permissions to access. I created a controller with a method that does not have the MustHavePermission attribute, but it still requires access token when sending API request.
** Proposed Solution: If a method does not have MustHavePermission attribute, the method should be available for public access without access token
Just use allowAnonymous attribute
…________________________________
From: Tony Wang ***@***.***>
Sent: Saturday, June 17, 2023 6:48:58 PM
To: fullstackhero/dotnet-webapi-boilerplate ***@***.***>
Cc: Subscribed ***@***.***>
Subject: [fullstackhero/dotnet-webapi-boilerplate] Possible to bypass Permission requirements for accessing an API endpoint? (Issue #867)
[CAUTION: This email originated from outside of the organization. Do not click links or open attachments unless you recognize the sender and know the content is safe]
** Problem: I am trying to create an API endpoint without requiring permissions to access. I created a controller with a method that does not have the MustHavePermission attribute, but it still requires access token when sending API request.
** Proposed Solution: If a method does not have MustHavePermission attribute, the method should be available for public access without access token
—
Reply to this email directly, view it on GitHub<https://protect-us.mimecast.com/s/DGGZCW6lyNtZNqns6PMYC?domain=github.com>, or unsubscribe<https://protect-us.mimecast.com/s/OI-CCXD0zOijkKLFVKMd0?domain=github.com>.
You are receiving this because you are subscribed to this thread.Message ID: ***@***.***>
@dsolteszopyn answered it. Decorate your Controller with [AllowAnonymous] attribute! This should work