Hello there,
I just can’t figure out why I am doing wrong. The [Authenticate] attribute seems to work but the RequiredRole not.
My service meta data shows that my request (GET/POST) Requires Authentication and Role “Test”.
[Authenticate]
public object Any(SecuredRequest request)
{
return new SecuredResponse() {Result = $“Hello {request.User}”};
}
[Authenticate]
[RequiredRole("Test")]
[Route("/Secured/{User}","POST,GET")]
public class SecuredRequest:IReturn<SecuredResponse>
{
public string User { get; set; }
}
My user is Authenticated but does not have any “Test” role yet I can access the ressource anyway…
{
“iss”: “ssjwt”,
“sub”: 1,
“iat”: 1619795292,
“exp”: 1621004892,
“name”: “jbrabant”,
“preferred_username”: “jbrabant”,
“roles”: [
“Admin”,
“Guest”
],
“perms”: [
“SettingsGeneral”,
“PeReports”
],
“jti”: 1,
“sessionId”: “MD3RXgAkQeEi8S5jGpiy”
}
I have tried using Postman and ServiceStack OpenApi, makes no difference. I am using latest 5.11.0