webapi how to do Authorization?

[halower]

great demo,I can use cookie in mvc 's authorizationhandler,but I use the app to request webapi, how to deal with authorization in asp.netCore? not need cookie？can you help me to answer the question ,thank you

[blowdart]

Authorization doesn't change at all, instead you'd wire up whatever authentication middleware, for example the JWT middleware. That would then create an identity from your bearer token. If you're mixing both cookies and bearer then you can use the ActiveAuthenticationScheme property on the Authorize attribute to select which middleware is used to create the identity, or you can do it inside your policies with policy.AddAuthenticationSchemes(). The scheme name is a property on every authentication middleware you can set during configuration.

[halower]

Thank you, it has been resolve.