Authentication and Authorization

Wolverine.HTTP endpoints are just routes within your ASP.Net Core application, and will happily work with all existing ASP.Net Core middleware. Likewise, the built int [AllowAnonymous] and [Authorize] attributes from ASP.Net Core are valid on Wolverine HTTP endpoints.

To require authorization on all endpoints (which is overridden by [AllowAnonymous]), use this syntax:

csharp

app.MapWolverineEndpoints(opts =>
{
    opts.RequireAuthorizeOnAll();
});

or more selectively, the code above is just syntactical sugar for:

/// <summary>
/// Equivalent of calling RequireAuthorization() on all wolverine endpoints
/// </summary>
public void RequireAuthorizeOnAll()
{
    ConfigureEndpoints(e => e.RequireAuthorization());
}

^{snippet source | anchor}

Authentication and Authorization #

Authentication and Authorization