I am learning Authentication/Authorization in .NET Core MVC.
I am trying to create a controller that can only be accessed by 'Admin', but get the following error.
An unhandled exception occurred while processing the request.
InvalidOperationException: The AuthorizationPolicy named: 'Admin' was not found.
Here's my code. What should I do?
[HttpGet("~/Test")]
[Authorize("Admin")]
public async Task<string> MyMethod()
{
    return await Task<string>.Run(() => "Hello Admin");
}
In line with the documentation here, you have not added the Authorization attribute correctly. This is the correct way to do it.
[HttpGet("~/Test")]
[Authorize(Roles ="Admin")]
public async Task<string> MyMethod()
{
    return await Task<string>.Run(() => "Hello Admin");
}
you can define the matching policy in Startup.cs
services.AddAuthorization(options =>
  {
        options.AddPolicy("Admin",
            authBuilder =>
            {
                authBuilder.RequireRole("Administrators");
            });
 });
the authBuilder has other methods on it, you can require claims or specific user names or custom rules using policy based authorization and control the rules from a central place in Startup https://docs.asp.net/en/latest/security/authorization/policies.html
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With