I have created a base/rest extension in Umbraco 4.0.3. In my method I am trying to get the current member using Member.GetCurrentMember() but it always returns null. I am using ajax to submit post data to the method and trying to access the current member so I can save the member id along with the data to the database.
Does anyone know why Member.GetCurrentMember() returns null here?
Just a quick update. I have also noticed that adding allowGroup into the restExtensions config file resorts in a "Extension not found or permission denied error". I am assuming this problem and my problem are somehow linked. It seems like for whatever reason Umbraco can't load the currently logged in member under the /base sub-directory.
Could there be a confliction of some sort happening? If anyone has ever experienced this same problem any help would be greatly appreciated.
As I know the base calls does not have the httpContext inside (base is an httphandler) and for that also not the umbraco context. To get the member you have to add the member id to the base call. eg: instead of "/base/callforsomething" you can use "/base/callforsomething/memberid" and fetch the member via member.GetById or so...
Thanks Thomas. I think that solves my first problem.
Do you know why allowGroup and even allowMember wont' work in the rest config even though I am logged in as a member of that group with the same member id?
By the way passing a member id into the call poses a security risk doesn't it? Any member can imitate another by passing in a random id with the javascript call.
Is there anyway to submit post data to a base call ensuring that only the current member ID is used and not another?
Or am I out just out of luck and forced to use non-ajax now?
Hi David, I think Thomas is right with the missing umbraco context. On the other issue you could consider a simple encryption scheme where you pass on an encrypted version of the id as well as a known string encrypted in the same way as the id for validation, i.e.calling base with:
Base and Ajax. GetCurrentMember always null?
Hello All,
I have created a base/rest extension in Umbraco 4.0.3. In my method I am trying to get the current member using Member.GetCurrentMember() but it always returns null. I am using ajax to submit post data to the method and trying to access the current member so I can save the member id along with the data to the database.
Does anyone know why Member.GetCurrentMember() returns null here?
Thanks
Dave
Just a quick update. I have also noticed that adding allowGroup into the restExtensions config file resorts in a "Extension not found or permission denied error". I am assuming this problem and my problem are somehow linked. It seems like for whatever reason Umbraco can't load the currently logged in member under the /base sub-directory.
Could there be a confliction of some sort happening? If anyone has ever experienced this same problem any help would be greatly appreciated.
Thanks
Dave
As I know the base calls does not have the httpContext inside (base is an httphandler) and for that also not the umbraco context. To get the member you have to add the member id to the base call. eg: instead of "/base/callforsomething" you can use "/base/callforsomething/memberid" and fetch the member via member.GetById or so...
hth, Thomas
Thanks Thomas. I think that solves my first problem.
Do you know why allowGroup and even allowMember wont' work in the rest config even though I am logged in as a member of that group with the same member id?
Thanks
Dave
By the way passing a member id into the call poses a security risk doesn't it? Any member can imitate another by passing in a random id with the javascript call.
Is there anyway to submit post data to a base call ensuring that only the current member ID is used and not another?
Or am I out just out of luck and forced to use non-ajax now?
Thanks
Dave
Hi David, I think Thomas is right with the missing umbraco context. On the other issue you could consider a simple encryption scheme where you pass on an encrypted version of the id as well as a known string encrypted in the same way as the id for validation, i.e.calling base with:
/base/callforsomething/memberidEncrypted/knownStringEncrypted
In your base method you decrypt the id and validate that decrypting the knownStringEncrypted results in your knownString.
Just an idea.
>Tommy
Great Idea Tommy. Thank you.
Still no luck with the allowGroup in the rest config file. Always get a "permission denied" error. Is this a known bug?
Ok guys my problem is solved.
For anyone who wants to know how to access session and members from within Base heres the solution.
Write your own HttpModule that implements the IReadOnlySessionState and then modify your web.config for this module.
If anybody wants me to explain in more detail how to do this I will post a detailed explanation later.
+1 for a more detailed explanation :)
I would also like to see your solution to this. Would be nice to get a fix to the core.
is working on a reply...