1

I have a Angular version 9.1.9 ClientApp and have .net-core web api. I am using the msal for angular library and azure ad b2c. Is it possible to only protect a specific route i.e. /api/GetProfile but not /api/GetCar ?

My question is not in reference to .net core but rather msal for angular.

"msal": "^1.4.2" "@azure/msal-angular": "^1.1.1"

lightbulb112
  • 123
  • 1
  • 9

1 Answers1

0

Assuming you are using aspnet core mvc, only the methods with a Authorise attribute are secured, if the attribute is on the class all the methods are secured, unless you add the allow anonymous attribute to a method. If you have middleware that enforces security if not explicitly set use the allows anonymous attribute at class or method level

David Hinchliffe
  • 480
  • 2
  • 6
  • I agree, however the issue I'm experiencing is that the MsalInterceptor is intercepting this call and giving me "ClientAuthError: User login is required. For silent calls, request must contain either sid or login_hint". My question is not in reference to .net core but rather msal for angular. – lightbulb112 Nov 04 '20 at 19:35
  • I'm not familiar with MsalInterceptor, but is it possible to use false credentials to get past the MSAL, the web API wont check them if the methods security is disable as above? – David Hinchliffe Nov 04 '20 at 19:39
  • my webapi is secured and working correctly. The problem I am encountering is that what should be a non-protected route is being intercepted and throwing a error in the console. – lightbulb112 Nov 06 '20 at 20:21