我在 api 的控制器函数上使用[Authorize]属性，它总是显示数据，这些属性不起作用，当我调试身份用户时，我发现它没有经过身份验证，但它总是发送 json 数据，而它应该发送未经身份验证的响应，任何帮助知道为什么授权属性不起作用吗？

using System;

using System.IO.Compression;

using Microsoft.AspNetCore.Builder;

using Microsoft.AspNetCore.Hosting;

using Microsoft.AspNetCore.ResponseCompression;

using Microsoft.Extensions.DependencyInjection;

using Microsoft.Extensions.Hosting;

using Newtonsoft.Json.Serialization;

using System.Linq;

using System.Security.Cryptography.X509Certificates;

using MedicalDivision.Server.Security;

using Microsoft.Extensions.Configuration;

using Microsoft.AspNetCore.Authentication.JwtBearer;

using Microsoft.AspNetCore.Authorization;

using Microsoft.AspNetCore.Http;

using Microsoft.Extensions.DependencyInjection.Extensions;

namespace test.Server

{

    public class Startup

    {

        private X509Certificate2 Cert { get; }

        private IConfiguration Configuration { get; }

        private IWebHostEnvironment Env { get; }

        private ITokenProvider TokenProvider { get; }

        private PasswordHelper PasswordHelper { get; }

        private IHttpContextAccessor httpContextAccessor { get; }

        private IServiceProvider ServiceProvider { get; }

        public readonly string _myAllowSpecificOrigins = "_myAllowSpecificOrigins";

        public Startup(IConfiguration configuration,IWebHostEnvironment env,IServiceProvider serviceProvider)

        {

            ServiceProvider = serviceProvider;

            Configuration = configuration;

            Env = env;

            Cert = new X509Certificate2(Convert.FromBase64String(Configuration["Auth:Cert:Data"]),  Configuration["Auth:Cert:Password"], X509KeyStorageFlags.MachineKeySet);

            TokenProvider =new JwtTokenProvider(Cert, Configuration,env);

            PasswordHelper = new PasswordHelper();

            httpContextAccessor = ServiceProvider.GetService<IHttpContextAccessor>();

        }