Authentication and Authorization

Ushakov Michael edited this page Sep 21, 2025 · 4 revisions

General settings

Authentication and authorization are configured in Startup.cs during the Configure operation:

// This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
{
    ConfigureCulture();
    app.UseAuthentication();

    if (env.IsDevelopment())
    {
        app.UseDeveloperExceptionPage();
    }
    // TODO(UMV): once it is configured, move this call into the development-only block above
    app.UseSwaggerWithKeyCloakAuthentication("Wissance.TestApp", Settings.AuthServer, _scopesValues);

    app.UseRouting();
    app.UseCors("AnyOrigin");
    app.UseAuthorization();
    app.UseEndpoints(endpoints => { endpoints.MapControllers(); });
}

where UseSwaggerWithKeyCloakAuthentication is an extension method provided by this library. You can use a different authorization server by configuring it in Startup.
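
The Configure method above only activates the middleware; the authentication scheme itself has to be registered in ConfigureServices. The following is an added example, not code from this library, showing one way to register JWT bearer validation for a generic OpenID Connect server. The helper name AddBearerAuth, the authority and audience parameters and the "roles" claim name are assumptions, and the Microsoft.AspNetCore.Authentication.JwtBearer package is required.

```csharp
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.AspNetCore.Authorization;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.IdentityModel.Tokens;

public static class AuthRegistration
{
    // Hypothetical helper (not part of the library): call it from Startup.ConfigureServices.
    // authority and audience are placeholders for the values of your authorization server.
    public static IServiceCollection AddBearerAuth(this IServiceCollection services,
                                                   string authority, string audience)
    {
        services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
            .AddJwtBearer(options =>
            {
                // Issuer and signing keys are discovered from
                // {authority}/.well-known/openid-configuration
                options.Authority = authority;
                options.Audience = audience;
                options.RequireHttpsMetadata = true;   // never fetch keys over plain HTTP
                options.TokenValidationParameters = new TokenValidationParameters
                {
                    ValidateIssuer = true,
                    ValidateAudience = true,           // reject tokens minted for other APIs
                    ValidateLifetime = true,
                    ValidateIssuerSigningKey = true,
                    // Assumption: roles arrive in a flat "roles" claim; adjust to your server
                    RoleClaimType = "roles"
                };
            });

        services.AddAuthorization(options =>
        {
            // Requests that reach UseAuthorization without any [Authorize] metadata
            // still require an authenticated user; opt out with [AllowAnonymous].
            options.FallbackPolicy = new AuthorizationPolicyBuilder()
                .RequireAuthenticatedUser()
                .Build();
        });
        return services;
    }
}
```

With RoleClaimType set, [Authorize(Roles = "...")] checks are evaluated against that claim, so the claim name must match what the authorization server actually puts in the token.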

Authorization use

Once authorization is configured, you can use attributes to specify whether authorization is required, for example:

  1. Attributes on controller:
[Authorize(Roles = "Administrator")]
public class AdminController : Controller
{
    // Actions accessible only by users in the "Administrator" role
}

or just [Authorize] without arguments. This case is easy to implement with WebApiToolkit, but not with the one-line controller add until !53 is resolved.

  2. Attributes on method