Created a project in VS 2019 .Net Core without enabling Authentication. What is the need of Authorization in startup class?

Shakti Singh 20 Reputation points
2023-02-24T09:58:38+00:00

I created a project in VS 2019 without enabling Authentication. When the project got created, startup class had app.UseAuthorization in Configure method.

What is the use of Authorization when there is no Authentication in the first place?

When the user will add Authentication in startup, he/she will also add Authorization if needed.

Please advise.

.NET
.NET
Microsoft Technologies based on the .NET software framework.
3,343 questions
0 comments No comments
{count} votes

Accepted answer
  1. Reza Aghaei 4,936 Reputation points MVP
    2023-02-26T03:15:09.17+00:00

    It's really not necessary to be there and if you don't have any authorization, feel free to remove it; But pay attention that you have not chosen any Authentication, but it doesn't necessarily mean you cannot have any Authorization, however in most cases you will not have authorization as well.

    Here is a very quick example, showing a policy-based authorization rule, which doesn't work if you do not have app.AddAuthorization() . In the following code, I've added a /sunday endpoint to the app, which users are only authorized to see on Sundays.

    namespace WebApplication1
    {
        public class Program
        {
            public static void Main(string[] args)
            {
                var builder = WebApplication.CreateBuilder(args);
    
                // Add services to the container.
                builder.Services.AddControllersWithViews();
                /**********************************************/
                builder.Services.AddAuthorization(options =>
                {
                    options.AddPolicy("SundayOnly", policy =>
                        policy.RequireAssertion(context => DateTime.Now.DayOfWeek == DayOfWeek.Sunday));
                });
                /**********************************************/
                var app = builder.Build();
    
                // Configure the HTTP request pipeline.
                if (!app.Environment.IsDevelopment())
                {
                    app.UseExceptionHandler("/Home/Error");
                }
                app.UseStaticFiles();
    
                app.UseRouting();
    
                app.UseAuthorization();
    
                /**********************************************/
                app.MapGet("/sunday", () => "Happy Sunday!").RequireAuthorization("SundayOnly");
                /**********************************************/
    
                app.MapControllerRoute(
                    name: "default",
                    pattern: "{controller=Home}/{action=Index}/{id?}");
    
                app.Run();
            }
        }
    }
    
    1 person found this answer helpful.

0 additional answers

Sort by: Most helpful