ASP.NET Core giving me Code 500 on Forbid()

Question

I tried to solve this for hours now and I can not find anything. Basicly I have a simple controller which roughly looks like this:

[Route(\"v1/lists\")]
publ         


        

Answer 1

Like SignIn, SignOut or Challenge, Forbid relies on the authentication stack to decide what's the right thing to do to return a "forbidden" response: some authentication handlers like the JWT bearer middleware return a 403 response while others - like the cookie middleware - prefer redirecting the user to an "access denied page".

If you don't have any authentication handler in your pipeline, you can't use this method. Instead, use return StatusCode(403).