Do i need to [Authenticate] on the serverMethodsController.cs

TMRGlobal · October 31, 2023, 12:06am

hi guys,

quick question, i have a number of custom queries which are defined in the serverMethodsController.cs i.e.

 [HttpGet]
        public IActionResult GetSomething(string userId, Guid parentId)
        {
            try
            {
                var result =query.....

                return Ok(System.Text.Json.JsonSerializer.Serialize(result, new JsonSerializerOptions { PropertyNamingPolicy = null }));
            }
            catch (Exception)
            {
                return BadRequest();
            }

        }

for general security of this end point, do i need to include [Authenticate] on it? or is this already taken care of?

also extention to that question, is there a way to make these API's publically available?

enchev · October 31, 2023, 7:17am

You either have publicly available API without [Authenticate] attribute or you have [Authenticate] attribute which will require login.

TMRGlobal · October 31, 2023, 10:48am

thanks @enchev
i have resolved to apply authorization to the entire API service, it might be worth while to note that in the custom query documentation