You need to log in to create posts and topics.

Authorize attrib on controller does not work out of the box?


Normally the attribute [Authorize]   on a controller or method allows only logged in users to access the method.

But i cannot make this work? Is this because i need to add a browser client to the list of wellknown  clients ?

What do i miss?


If i have my own controller, CarController and in the Index method i return a json list of strings. And that action i would like to allow only for users that are logged in.


Second question, is it easy to change the scheme of this project totally to a simple JWTBearer  ? What need to be changed in the SPA Angular in order to make this work?

I would like the authentication work like this tutorial.


services.AddAuthentication(options =>
options.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
options.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
}).AddJwtBearer(o =>
o.Authority = "http://localhost:5000";
o.Audience = "resourceapi";
o.RequireHttpsMetadata = false;