Bearer token is not used by Swagger for endpoints with [authorize], but used for [AllowAnonymous]

Hey! Yesterday, while working on a project for university, I encountered a strange bug, which can be seen in the screens below:
- When an endpoint is marked with the [Authorize] attribute, even if a Bearer Token is specified in Swagger, this Token will not be used in the execution of the request.
- If we use the [AllowAnonymous] attribute instead of [Authorize], the Bearer Token will be sent in the request.

The described behaviour can be seen in the screenshots. Does anyone know what might be generating it? And how can I fix it?
4 Replies
SirCypkowskyy (OP), 6mo ago
my Program.cs
SirCypkowskyy (OP), 6mo ago
endpoint in UserController.cs
```csharp
// Requires: using System.Security.Claims; (for ClaimTypes and FindFirstValue)

/// <summary>
/// Returns information about the logged-in user
/// </summary>
/// <returns>
/// Information about the logged-in user
/// </returns>
[HttpGet("auth/self")]
// [Authorize(AuthenticationSchemes = "Bearer")]
[AllowAnonymous]
public async Task<IActionResult> GetSelfInfoAsync()
{
    var user = User;
    var claims = user.Claims;

    _logger.LogInformation("User {Username} requested self info", user.FindFirstValue(ClaimTypes.Name));
    _logger.LogDebug("User {Username} requested self info with claims: {Claims}", user.FindFirstValue(ClaimTypes.Name), claims);

    // Throws when the request carries no validated token (no NameIdentifier claim)
    var userId = user.FindFirstValue(ClaimTypes.NameIdentifier) ?? throw new UnauthorizedAccessException("User not found");
    var userIdAsGuid = Guid.Parse(userId);

    return Ok(new UserJwtInfoResponseDTO()
    {
        Username = user.FindFirstValue(ClaimTypes.Name),
        Email = user.FindFirstValue(ClaimTypes.Email),
        Role = user.FindFirstValue(ClaimTypes.Role)
    });
}
```
SirCypkowskyy (OP), 6mo ago
Nevermind, I found the reason why it didn't work. For some reason, adding opts.OperationFilter<SecurityRequirementsOperationFilter>(); to the Swagger config disabled attaching the bearer token to the request when it had the [Authorize] attribute on it.
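A check for the generated swagger.json, added here as an example and not part of the thread or the poster's project. It assumes the cause was a scheme-name mismatch: the security definition registered under one name (here "Bearer") while the filter wrote a per-operation requirement under another (here "oauth2", the default name in Swashbuckle.AspNetCore.Filters); Program.cs is not shown on the page, so both names and the sample document are constructed.

```javascript
// Constructed OpenAPI 3 fragment (assumption, not the poster's real swagger.json).
const spec = {
  components: { securitySchemes: { Bearer: { type: "http", scheme: "bearer", bearerFormat: "JWT" } } },
  security: [{ Bearer: [] }],                                  // global requirement
  paths: {
    "/auth/self": { get: { security: [{ oauth2: [] }] } },     // [Authorize]: filter added its own entry
    "/auth/ping": { get: {} },                                 // [AllowAnonymous]: no operation-level entry
  },
};

const METHODS = ["get", "put", "post", "delete", "options", "head", "patch", "trace"];

function definedSchemes(spec) {
  return new Set(Object.keys((spec.components && spec.components.securitySchemes) || {}));
}

// OpenAPI rule: an operation-level `security` array replaces the top-level one.
function effectiveSecurity(spec, operation) {
  return operation.security !== undefined ? operation.security : (spec.security || []);
}

// Scheme names a UI client can actually attach credentials for on one operation.
function schemesSent(spec, path, method) {
  const defined = definedSchemes(spec);
  return effectiveSecurity(spec, spec.paths[path][method])
    .flatMap((requirement) => Object.keys(requirement))
    .filter((name) => defined.has(name));
}

// Report every operation whose requirement names a scheme that has no definition.
function findUndefinedSchemes(spec) {
  const defined = definedSchemes(spec);
  const findings = [];
  for (const [path, item] of Object.entries(spec.paths || {})) {
    for (const method of METHODS.filter((m) => item[m])) {
      for (const requirement of effectiveSecurity(spec, item[method])) {
        for (const name of Object.keys(requirement)) {
          if (!defined.has(name)) findings.push({ path, method, scheme: name });
        }
      }
    }
  }
  return findings;
}

console.log(findUndefinedSchemes(spec)); // one finding: GET /auth/self references "oauth2"
```

Run against the real document in CI, a non-empty result means an authorized-looking endpoint will be called from Swagger UI without its token; the fix is to make the definition name and the filter's scheme name agree.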