I'm trying to create a web service that only authenticated users should have access to. I've created a backoffice user for this purpose which I verified the username and password to. I'm trying to test this web service by creating a console application that's connecting to the web service. The problem is that I only get 401 Unauthorized HTTP response. I'm trying to connect with the username and password with basic authentication and encode the username and password with base64 (username:password), I guess this is wrong but I can't find any information on how to do it?
Some code:
The console application that I'm trying to connect to the webservice (with deleted URLs):
HttpClientHandler handler = new HttpClientHandler();
handler.Credentials = new NetworkCredential(userName, password);
HttpClient client = new HttpClient(handler)
{
BaseAddress = new Uri("http://www.myhost.com")
};
client.DefaultRequestHeaders.Accept.Add(
new MediaTypeWithQualityHeaderValue("application/json"));
res = client.DeleteAsync("umbraco/myarea/mycontroller/...").Result;
Console.WriteLine("{0} ({1})", (int)res.StatusCode, res.ReasonPhrase);
The webservice itself:
namespace myproject.Controllers
{
[PluginController("myarea")]
public class UnitApiController : UmbracoAuthorizedApiController
{
public void Delete(string id)
{
// Delete the unit from wisiconnect..
// Some logic
}
}
}
Yes if I remove the authentication part which means I just extend UmbracoApiController instead of UmbracoAuthorizedApiController it works. I did it the same way as the documentation.
If you want to have public authentication for your webapi's you'll need to implement it yourself, OOTB we are only authenticating based on the cookie value (currently). In the future we will provide some auth filters for things like OAuth or BasicAuth that you can attach to your controllers, for now you'll need to write them.
There's a ton of ways to acheive this, if you are using Basic Auth, then you'll have to write your own Auth filter and apply it to your action or controller, there's lots of examples online of how to do that, it's just normal Web Api.
UmbracoAuthorizedApiController is just attributed with our custom auth filter which authenticates based on cookies. You can have a look at the WebSecurity class to do your authentication based on username/passwords, it is exposed on the UmbracoContext.Security.
What you need to be aware of is that the UmbracoAuthorizedApiController exposes a CurrentUser property, this will not work because it is trying to validate the user based on cookie values which you will not have. Your best bet is to not inherit from this controller and inherit from UmbracoApiController, implement your own auth filter (using whatever authentication you like) and validate the user using the WebSecurity class.
Web API authentication
Hello,
I'm trying to create a web service that only authenticated users should have access to. I've created a backoffice user for this purpose which I verified the username and password to. I'm trying to test this web service by creating a console application that's connecting to the web service. The problem is that I only get 401 Unauthorized HTTP response. I'm trying to connect with the username and password with basic authentication and encode the username and password with base64 (username:password), I guess this is wrong but I can't find any information on how to do it?
Some code:
The console application that I'm trying to connect to the webservice (with deleted URLs):
HttpClientHandler handler = new HttpClientHandler(); handler.Credentials = new NetworkCredential(userName, password); HttpClient client = new HttpClient(handler) { BaseAddress = new Uri("http://www.myhost.com") }; client.DefaultRequestHeaders.Accept.Add( new MediaTypeWithQualityHeaderValue("application/json")); res = client.DeleteAsync("umbraco/myarea/mycontroller/...").Result; Console.WriteLine("{0} ({1})", (int)res.StatusCode, res.ReasonPhrase);The webservice itself:
namespace myproject.Controllers { [PluginController("myarea")] public class UnitApiController : UmbracoAuthorizedApiController { public void Delete(string id) { // Delete the unit from wisiconnect.. // Some logic } } }Hello,
Does it work if you remove the authentication and did you do it the same ways as here: http://our.umbraco.org/documentation/Reference/WebApi/
This might also help: http://www.nibble.be/?p=224
Jeroen
Hi and thanks for the answer.
Yes if I remove the authentication part which means I just extend UmbracoApiController instead of UmbracoAuthorizedApiController it works. I did it the same way as the documentation.
Perhaps download the source code and look at the UmbracoAuthorizedApiController to see how it works.
Jeroen
Hi again,
That's what I'm trying to do right now but I can't find where the actual login takes place. Here's the source I'm looking at:
https://github.com/umbraco/Umbraco-CMS/blob/6.1.3/src/Umbraco.Web/WebApi/UmbracoAuthorizedApiController.cs
Any pointers?
Still haven't found anything in the sources, anyone got a suggestion?
Maybe ask Shannon on Twitter. I think he wrote it.
Jeroen
If you want to have public authentication for your webapi's you'll need to implement it yourself, OOTB we are only authenticating based on the cookie value (currently). In the future we will provide some auth filters for things like OAuth or BasicAuth that you can attach to your controllers, for now you'll need to write them.
There's a ton of ways to acheive this, if you are using Basic Auth, then you'll have to write your own Auth filter and apply it to your action or controller, there's lots of examples online of how to do that, it's just normal Web Api.
UmbracoAuthorizedApiController is just attributed with our custom auth filter which authenticates based on cookies. You can have a look at the WebSecurity class to do your authentication based on username/passwords, it is exposed on the UmbracoContext.Security.
What you need to be aware of is that the UmbracoAuthorizedApiController exposes a CurrentUser property, this will not work because it is trying to validate the user based on cookie values which you will not have. Your best bet is to not inherit from this controller and inherit from UmbracoApiController, implement your own auth filter (using whatever authentication you like) and validate the user using the WebSecurity class.
So, Is not possibile to use with JSON remote call?
is working on a reply...