Hello all,
(I have followed (to the best of my ability) the WebAPI quickstart documentation in order to get to this point.)
I am running into an issue that seems to indicate that the [AllowAnonymous] attribute is required on the controller even when I am successfully logged in.
Without [AllowAnonymous]:
- Non [Authorize] methods work as expected
- [Authorize] methods redirects to sign-in, once signed in I receive a 403 even though I have the required permission
With [AllowAnonymous]:
- Non [Authorize] methods work as expected
- [Authorize] methods redirects to sign-in, they work as expected
Is this intended behavior? Or have I misunderstood/mis-configured something?
Appreciate any help and thank you in advance!