Apr 10, 2018 05:01 AM | noJedi
Ironically, along my thought of "order of operations" I tried this as a test...
[Authorize(AuthenticationSchemes = "Bearer,Identity.Application")]
and it now works as (I would have) expected...
if you hit the GET on the API and you are logged in and you are in browser, then you get authorized...
If not you get sent to the login page...
if you hit it with POSTMAN (or other tool) and you don't provide the token, you are redirected to login as above, but if you have a valid token then you are authN (as whatever "request" you have provided) and authZ...
So this leads me to question how the "auth" middleware does its thing...
if I have in ConfigureServices:
services.AddIdentity() //as I understand it this adds the Cookies "Identity.Application" auth type...
Does this mean that the OOOps is going to always be "cookies first" (if my tests/conclusions are even on track?!)... if so then can I simply put my "authN" services BEFORE I config aspNet Identity and all will work as I wish, or will this break something?