When using [Authorize("Permission.View")] on API method, a user that has the "Permission.View" permission granted and on correct tenant, does not get Authorized and I get a 403 error. The app has a separated Auth Server, when using the [Authorize("Permission.View")] in the Auth Server module on the same user, the API returns a 200 response. I have tried restarting redis server to clear cache. Confirmed the user has the "Permission.View" permission granted on user and on the role, also that the correct tenant context is used.
I have tried removing the [Authorize("Permission.View")] from the API method and instead use the following in the method: var isGranted = await _permissionChecker.IsGrantedAsync("Permission.View");. The variable isGranted then returns true. I have gone through ABP example projects to see if there are any differences, but could not find any.
I am using ABP v9.2, .NET v9.0.302, Angular v19 and Node.js v22.17.0.
What could cause the Authorize attribute to work in Auth Server but not in other modules?
