I'm trying to use the standard /api/ route since our Umbraco backend is IP restricted and we need to create an api endpoint that is accessible from the public.
I have...
/App_Start/WebApiConfig.cs
public static class WebApiConfig
{
public static void Register(HttpConfiguration config)
{
config.Routes.MapHttpRoute(
name: "DefaultApi",
routeTemplate: "api/{controller}/{id}",
defaults: new { id = RouteParameter.Optional }
);
}
}
Then the controller: TestController.cs
public class TestController : ApiController
{
public IEnumerable<string> GetAll()
{
List<string> list = new List<string>();
list.Add("value1");
list.Add("value2");
return list.AsEnumerable();
}
}
When I try to access: /api/test/getall
... I get the standard Umbraco "Page not found" page.
Is there any reason you don't want to use an UmbracoApiController? It is routed for you automatically (/umbraco/api/ControllerName/Method), publicly accessible and gives you quick access to UmbracoHelper and the Services context. It inherits from ApiController so it's completely default ApiController behavior otherwise, just easy access to Umbraco stuff.
Thank you for the advise. Might want to update the wiki:
If you're particularly security minded, you can restrict access to the
/umbraco folder in IIS to just the IP addresses of the company using
it and yourself, to prevent unauthorised access to the back end.
Problem Using Standard ApiController in Umbraco 7
I'm trying to use the standard /api/ route since our Umbraco backend is IP restricted and we need to create an api endpoint that is accessible from the public.
I have...
/App_Start/WebApiConfig.cs
Then the controller: TestController.cs
When I try to access: /api/test/getall
... I get the standard Umbraco "Page not found" page.
Tried following the post:
https://our.umbraco.org/forum/developers/api-questions/61025-Production-issue-How-to-access-API-route-when-~umbraco-is-filtered-by-IP-Address-Domain-Restrictions
... but its not working for me.
Any advice?
HI
O believe you need to add your /api/ to web.config file:
So updating the umbracoReservedPaths didn't work. What you need to do is register the Web API routes.
Thanks to Michali for this one!
Is there any reason you don't want to use an
UmbracoApiController
? It is routed for you automatically (/umbraco/api/ControllerName/Method
), publicly accessible and gives you quick access to UmbracoHelper and the Services context. It inherits from ApiController so it's completely default ApiController behavior otherwise, just easy access to Umbraco stuff.Hey,
If we restrict access to the Umbraco admin folder: /umbraco/ ... for security reasons, then the /umbraco/api/ will not be accessible from the public.
Some advise:
~/Umbraco/Surface
and~/Umbraco/Api
but does filter any other~/Umbraco
paths~/Umbraco/Views/common/dialogs/login.html
)UsersMembershipProvider
setmaxInvalidPasswordAttempts
to a fairly low number to avoid brute-force attacksThank you for the advise. Might want to update the wiki:
https://our.umbraco.org/wiki/recommendations/recommended-reading-for-it-administrators/best-practices-for-live-deployment
Our client followed this and now will not change this because they consider this a best practice to just IP restrict the /umbraco/ folder.
And to be far, IP restricting the /umbraco/ folder is the easiest way to restrict access to the admin.
I just implemented something alike. What I saw, was that you were missing the action on the route entry
Interesting... I'll have to give that a try. Looking at the ASP.NET specs, the 'action' is not needed.
http://www.asp.net/web-api/overview/web-api-routing-and-actions/routing-in-aspnet-web-api
is working on a reply...