I have configured a ServiceStack (8.3) application with JwtBearerAuthentication like so in program.cs:
    services.AddAuthentication(options =>
    {
        options.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
        options.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
    })
    .AddJwtBearer(options =>
    {
        options.Authority = $"https://cognito-idp.{builder.Configuration["AWS:Region"]}.amazonaws.com/{builder.Configuration["AWS:UserPoolId"]}";
        options.TokenValidationParameters = new TokenValidationParameters
        {
            ValidateIssuer = true,
            ValidateAudience = true,
            ValidateLifetime = true,
            ValidateIssuerSigningKey = true,
            NameClaimType = "username",
            RoleClaimType = "cognito:groups"
        };
    });
I also have this configured in configure.auth.cs:
    public void Configure(IWebHostBuilder builder) => builder
        .ConfigureServices((context, services) => {
            services.AddPlugin(new AuthFeature(IdentityAuth.For<ApplicationUser>(options =>
            {
                options.SessionFactory = () => new CustomUserSession();
                options.JwtAuth(x =>
                {
                });
            })));
        });
The Bearer Token is provided in the Authorization header from a standalone Nuxt 3 application. Endpoints are attributed with the Microsoft.AspNetCore.Authorization.AuthorizeAttribute, and the authentication process works as expected.
Here is an example endpoint definition.
    [Authorize]
    public async Task<object> Any(MeRequest _)
    {
        var session = await GetSessionAsync();
        if (!session.IsAuthenticated)
            throw HttpError.Conflict("You must be authenticated to call this service.");
        return session.ConvertTo<MeResponse>();
    }
The ServiceStack CustomUserSession is populated as expected and all works.
I then thought to try replacing the [Authorize] attribute on the Endpoints with the [ValidateIsAuthenticated] attribute on the DTOs instead.
But this does not work. All requests return 401 Not Authenticated responses. Why is that? Does [ValidateIsAuthenticated] work only with ServiceStack Authentication and not ASP.NET Identity Authentication? What am I missing?
The reason I'm asking is because I'm looking to implement the ValidationRules feature (where validation rules are applied via the db), but I first need to get ValidateIsAuthenticated to work.