The GiveNTake application is configured to require an authenticated user for all its actions, but some of the actions should be accessible for guests (anonymous users). This is easy to achieve by placing the [Anonymous] attribute before the method or controller. For example, the GiveNTake application allows any user to search for products:
[AllowAnonymous]
[HttpGet("searchcategory/{category}/{subcategory=all}/")]
public async Task<ActionResult<ProductDTO[]>> SearchByCategory(string category, string subcategory, string location = "all",
bool imageOnly = false)
{
...
}
Congratulations! You now have a complete authentication flow—the next step in our journey will be adding authorization and making sure that only authorized users can perform sensitive operations.