Who is authenticated user

Question

Documentation says that the controller class function with the annotation [Authorize] is authenticated.
e.g.

[Authorize]  
        [HttpGet("{id:int}")]  
        public ActionResult<AccountResponse> GetById(int id)  

{
}

Does authenticated user mean that the user has logged in and has in the requests a header:
Authorization: Bearer ${JwtToken}

Is that true?

Answer 1

Hi @Janusz Dalecki ,

Does authenticated user mean that the user has logged in and has in the requests a header:
Authorization: Bearer ${JwtToken}

Is that true?

It depends on which kind of authentication you are using.

If the application was configured to use JWT authentication, in this scenario, as you said, the request needs to add the Authorization header, and the authenticated user mean that the user has logged in and request has the JWT token.

But if the application was configured to use Cookie authentication, then the user identity information will be stored in the request cookies. In this scenario, it will not use the Authorization header.

More detail information, you can refer to the following tutorials and check configuration in the Program.cs file:

JWT Authentication In ASP.NET Core

JWT Token Authentication And Authorizations In .Net Core 6.0 Web API

Use cookie authentication without ASP.NET Core Identity

Introduction to Identity on ASP.NET Core (By default, Asp.net core Identity will use cookie authentication).

---

If the answer is the right solution, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

Best regards,
Dillion