I have an ASP.NET Web API and I wanted to apply multiple authorization schemes to one controller method. For my use case, I wanted to allow all users to access Data() through the /api/AData URL, but only b_data_user can access /api/BData.
I tried the code below, and it did not allow access to /api/AData for any user. (The users are not in b_data_user.)
I understand this is not the ideal way and that I should split the Data() method and apply two authorization schemes for /api/AData and /api/BData.
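    // Requires: using System; using System.Net; using System.Net.Http; using System.Web.Http;
    [Route("~/api/AData")]
    [Route("~/api/BData"), Authorize(Roles = "b_data_user")]
    [HttpGet]
    public HttpResponseMessage Data([FromBody] object[] parameter)
    {
        // Request path with the "/api/" prefix removed, e.g. "AData" or "BData"
        var method = Request.RequestUri.LocalPath.Replace("/api/", "");
        if (string.Equals(method, "AData", StringComparison.OrdinalIgnoreCase))
        {
            // No restriction for AData
            // Some logic to call AData
        }
        else if (string.Equals(method, "BData", StringComparison.OrdinalIgnoreCase))
        {
            // Only users from b_data_user can access this functionality
            // Some logic to call BData
        }
        return Request.CreateResponse(HttpStatusCode.OK);
    }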
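
`[Authorize]` is a filter on the action, so placing it in the same brackets as one `[Route]` still applies it to every route of that method. The split mentioned in the question, as an added example that is not part of the original post; it assumes ASP.NET Web API 2 attribute routing, and the names `DataController` and `BuildResponse` are hypothetical.

```csharp
using System.Net;
using System.Net.Http;
using System.Web.Http;

// Hypothetical controller name; the original post does not show the class.
public class DataController : ApiController
{
    // /api/AData: no role requirement is attached to this action.
    [Route("~/api/AData")]
    [HttpGet]
    public HttpResponseMessage AData([FromBody] object[] parameter)
    {
        return BuildResponse("AData", parameter);
    }

    // /api/BData: the role filter is attached to this action only,
    // so callers outside b_data_user are rejected before the body runs.
    [Route("~/api/BData")]
    [Authorize(Roles = "b_data_user")]
    [HttpGet]
    public HttpResponseMessage BData([FromBody] object[] parameter)
    {
        return BuildResponse("BData", parameter);
    }

    // Shared logic. Private, so it is never exposed as a routable action.
    private HttpResponseMessage BuildResponse(string method, object[] parameter)
    {
        // Placeholder for the real AData/BData logic from the question.
        return Request.CreateResponse(HttpStatusCode.OK, method);
    }
}
```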