I have created a sample Web API in .Net Core 5.0, it has two GET & one POST method. Also, I have created one async Authorization filter having a Service layer dependency using IAsyncAuthorizationFilter interface, in the filter, I am calling a dummy service method that returns a response after some delay.
The idea is to check whether the filter is working fine or not for those methods in which AllowAnonymous is not applied. The Post method is for login (in this AllowAnonymous is applied), in which I am returning jwt token in a httponly cookie. The two GET methods are to check whether Authorize filter is working or not. So, I have applied the custom Authorization filter at the controller level & applied the AllowAnonymous attribute only on the login method. Moreover, when I created this project in Visual Studio, I mistakenly kept the Enable Https checkbox checked because of which now every time when I run the API from VS, it's asking for an SSL certificate & a popup appears with Yes or No. I just click on "NO" & then proceed. The swagger UI shows up in the browser & I try to hit the methods.
But I am facing a strange problem. When I try to call the GET methods, the authorization filter is getting invoked but after that, the GET action methods are not getting invoked at all & hence not returning any response. But the login method is getting invoked as it has AllowAnonymous applied to it. What may be the issue? I am totally confused.