hi guys,
i have a security related question,
i have created a page with the permission level "Everyone" on it
my expectation is that i do not need to authenticate to access and use this page.
in the partial class of this page i make a request to a server GET function which is similarly used in the page load event
what appears to be happening is that because there is no authorisation token, i cannot access these get data method requests
when i am authenticated however i can access them
is there something i need to add to the page to enable these data method requests when the user is not authenticated?
or... is there a way i can programatically log in / authenticate with a specified user ?
i'm thinking...one possible workaround could be to set up a publically avaialble API controller and serve the required data from that... are there any other thoughts around the place?
okay, this is where i'm up to....
i have created a very small clone of the authenticationController which i'm calling via the partial class.
The API Controller is very simple and is basically a reduced clone of the AuthenticationController
this works well providing the user has logged in previously, however if the user is logged out, then i'm thrown an authorisation token error
is there a trick to updating the token in the partial class that i'm missing?
I am afraid we haven't hit this situation before and don't know what is causing it. In such scenarios we usually suggest to just allow anonymous users get access to the required API via the AllowAnonymous attribute.
okay thanks for the thoughts. i'll let you know how i solve it. i think i just need an updated token from the authentication service to be registered in the client.
if i can do that i'll be right.
