
  • Ron G 41 posts 137 karma points
    Jun 09, 2015 @ 09:14
    Ron G
    0

    Problem Using Standard ApiController in Umbraco 7

    I'm trying to use the standard /api/ route since our Umbraco backend is IP restricted and we need to create an api endpoint that is accessible from the public.

    I have...

    /App_Start/WebApiConfig.cs

    using System.Web.Http; // HttpConfiguration, RouteParameter, MapHttpRoute

    public static class WebApiConfig
    {
        public static void Register(HttpConfiguration config)
        {
            config.Routes.MapHttpRoute(
                name: "DefaultApi",
                routeTemplate: "api/{controller}/{id}",
                defaults: new { id = RouteParameter.Optional }
            );
        }
    }
    

    Then the controller: TestController.cs

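    using System.Collections.Generic; // IEnumerable<T>, List<T>
    using System.Linq;                // AsEnumerable()
    using System.Web.Http;            // ApiController

    public class TestController : ApiController
    {
        public IEnumerable<string> GetAll()
        {
            List<string> list = new List<string>();

            list.Add("value1");
            list.Add("value2");

            return list.AsEnumerable();
        }
    }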
    

    When I try to access: /api/test/getall

    ... I get the standard Umbraco "Page not found" page.

    Page not found

    No umbraco document matches the url '/page-not-found/?404;http://localhost:61213/api/test/getall'.

    This page can be replaced with a custom 404. Check the documentation for "custom 404".

    This page is intentionally left ugly ;-)

    Tried following the post:

    https://our.umbraco.org/forum/developers/api-questions/61025-Production-issue-How-to-access-API-route-when-~umbraco-is-filtered-by-IP-Address-Domain-Restrictions

    ... but it's not working for me.

    Any advice?

  • Benas Brazdziunas 34 posts 156 karma points c-trib
    Jun 11, 2015 @ 22:01
    Benas Brazdziunas
    0

    Hi

    I believe you need to add your /api/ to the web.config file:

    <add key="umbracoReservedPaths" value="~/umbraco,~/install/,~/bundles/,~/api/" />
    
  • Ron G 41 posts 137 karma points
    Jun 22, 2015 @ 03:34
    Ron G
    0

    So updating the umbracoReservedPaths didn't work. What you need to do is register the Web API routes.

    using System.Web.Http; // GlobalConfiguration
    using Umbraco.Core;    // IApplicationEventHandler, UmbracoApplicationBase, ApplicationContext

    public class WebApiRouteRegistrarHandler : IApplicationEventHandler
    {
        public void OnApplicationInitialized(UmbracoApplicationBase umbracoApplication, ApplicationContext applicationContext)
        {
        }

        // Register the Web API routes while the application is starting.
        public void OnApplicationStarting(UmbracoApplicationBase umbracoApplication, ApplicationContext applicationContext)
        {
            WebApiConfig.Register(GlobalConfiguration.Configuration);
        }

        public void OnApplicationStarted(UmbracoApplicationBase umbracoApplication, ApplicationContext applicationContext)
        {
        }
    }
    

    Thanks to Michali for this one!

  • Sebastiaan Janssen 5061 posts 15544 karma points MVP admin hq
    Jun 22, 2015 @ 14:17
    Sebastiaan Janssen
    0

    Is there any reason you don't want to use an UmbracoApiController? It is routed for you automatically (/umbraco/api/ControllerName/Method), publicly accessible and gives you quick access to UmbracoHelper and the Services context. It inherits from ApiController so it's completely default ApiController behavior otherwise, just easy access to Umbraco stuff.

  • Ron G 41 posts 137 karma points
    Jul 22, 2015 @ 21:02
    Ron G
    0

    Hey,

    If we restrict access to the Umbraco admin folder: /umbraco/ ... for security reasons, then the /umbraco/api/ will not be accessible from the public.

  • Sebastiaan Janssen 5061 posts 15544 karma points MVP admin hq
    Jul 23, 2015 @ 07:06
    Sebastiaan Janssen
    0

    Some advice:

    • Consider turning on https for the backoffice so that a man-in-the-middle attack is no longer possible
    • Consider implementing an http module that doesn't do IP filtering for ~/Umbraco/Surface and ~/Umbraco/Api but does filter any other ~/Umbraco paths
    • Consider implementing your own membershipprovider that does IP filtering
    • Consider replacing the login page with your own implementation that only works from behind an IP filter (~/Umbraco/Views/common/dialogs/login.html)
    • On the UsersMembershipProvider set maxInvalidPasswordAttempts to a fairly low number to avoid brute-force attacks
    • Regularly change passwords for backoffice users and make them strong passwords
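
The second suggestion in the list above (an HTTP module that IP-filters ~/Umbraco but exempts ~/Umbraco/Surface and ~/Umbraco/Api), written out as an added example that is not part of the original posts or of Umbraco itself. The class name and the allowlisted addresses are assumptions.

```csharp
using System;
using System.Collections.Generic;
using System.Net;
using System.Web;

// Added example, not Umbraco code. Class name and addresses are hypothetical.
public class BackofficeIpFilterModule : IHttpModule
{
    // Constructed allowlist; replace with the real office/VPN egress addresses.
    private static readonly HashSet<IPAddress> Allowed = new HashSet<IPAddress>
    {
        IPAddress.Parse("203.0.113.10"), IPAddress.Loopback, IPAddress.IPv6Loopback
    };

    public void Init(HttpApplication app)
    {
        app.BeginRequest += (sender, e) =>
        {
            var ctx = ((HttpApplication)sender).Context;
            if (!IsRestricted(VirtualPathUtility.ToAppRelative(ctx.Request.Path)))
                return;
            // UserHostAddress is the TCP peer; behind a reverse proxy it is the
            // proxy's address, so the comparison needs a trusted client address.
            IPAddress client;
            if (IPAddress.TryParse(ctx.Request.UserHostAddress, out client))
            {
                if (client.IsIPv4MappedToIPv6) client = client.MapToIPv4();
                if (Allowed.Contains(client)) return;
            }
            ctx.Response.StatusCode = 403; // unparsable or unlisted: fail closed
            ctx.ApplicationInstance.CompleteRequest();
        };
    }

    // Restricted: anything under ~/umbraco except the two public route prefixes.
    public static bool IsRestricted(string appRelativePath)
    {
        return IsUnder(appRelativePath, "~/umbraco")
            && !IsUnder(appRelativePath, "~/umbraco/api")
            && !IsUnder(appRelativePath, "~/umbraco/surface");
    }
    // Match on a segment boundary so "~/umbraco/apiary" is not read as "~/umbraco/api".
    private static bool IsUnder(string path, string root)
    {
        return path.Equals(root, StringComparison.OrdinalIgnoreCase)
            || path.StartsWith(root + "/", StringComparison.OrdinalIgnoreCase);
    }

    public void Dispose() { }
}
```

The module has to be registered under system.webServer/modules in web.config, and an IIS-level IP restriction on the /umbraco folder would still block the exempted paths until it is removed.
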
  • Ron G 41 posts 137 karma points
    Jul 23, 2015 @ 13:08
    Ron G
    0

    Thank you for the advice. Might want to update the wiki:

    If you're particularly security minded, you can restrict access to the /umbraco folder in IIS to just the IP addresses of the company using it and yourself, to prevent unauthorised access to the back end.

    https://our.umbraco.org/wiki/recommendations/recommended-reading-for-it-administrators/best-practices-for-live-deployment

    Our client followed this and now will not change this because they consider this a best practice to just IP restrict the /umbraco/ folder.

    And to be fair, IP restricting the /umbraco/ folder is the easiest way to restrict access to the admin.

  • Steffen Dam 5 posts 25 karma points
    Jul 23, 2015 @ 13:12
    Steffen Dam
    0

    I just implemented something similar. What I saw was that you were missing the action on the route entry:

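    using System.Web.Http; // HttpConfiguration, RouteParameter, MapHttpRoute

    public static class WebApiConfig
    {
        public static void Register(HttpConfiguration config)
        {
            // The route template includes the {action} segment.
            config.Routes.MapHttpRoute(
                name: "DefaultApi",
                routeTemplate: "api/{controller}/{action}/{id}",
                defaults: new { id = RouteParameter.Optional }
            );
        }
    }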
    
  • Ron G 41 posts 137 karma points
    Jul 23, 2015 @ 15:27
    Ron G
    0

    Interesting... I'll have to give that a try. Looking at the ASP.NET specs, the 'action' is not needed.

    http://www.asp.net/web-api/overview/web-api-routing-and-actions/routing-in-aspnet-web-api
