RequiredRole not working

Hello there,
I just can’t figure out why I am doing wrong. The [Authenticate] attribute seems to work but the RequiredRole not.

My service meta data shows that my request (GET/POST) Requires Authentication and Role “Test”.
public object Any(SecuredRequest request)
return new SecuredResponse() {Result = $“Hello {request.User}”};

public class SecuredRequest:IReturn<SecuredResponse>
    public string User { get; set; }

My user is Authenticated but does not have any “Test” role yet I can access the ressource anyway…
“iss”: “ssjwt”,
“sub”: 1,
“iat”: 1619795292,
“exp”: 1621004892,
“name”: “jbrabant”,
“preferred_username”: “jbrabant”,
“roles”: [
“perms”: [
“jti”: 1,
“sessionId”: “MD3RXgAkQeEi8S5jGpiy”

I have tried using Postman and ServiceStack OpenApi, makes no difference. I am using latest 5.11.0

Because the Admin Role (i.e. RoleNames.Admin) is a Super user role, you’ll need to choose a different role if you don’t want the user to have super user access.

1 Like