Copied to clipboard

Flag this post as spam?

This post will be reported to the moderators as potential spam to be looked at


  • David Parr 20 posts 90 karma points
    Jan 27, 2010 @ 13:23
    David Parr
    0

    Base and Ajax. GetCurrentMember always null?

    Hello All,

    I have created a base/rest extension in Umbraco 4.0.3. In my method I am trying to get the current member using Member.GetCurrentMember() but it always returns null. I am using ajax to submit post data to the method and trying to access the current member so I can save the member id along with the data to the database.

    Does anyone know why Member.GetCurrentMember() returns null here?

    Thanks

    Dave

  • David Parr 20 posts 90 karma points
    Jan 27, 2010 @ 13:37
    David Parr
    0

    Just a quick update. I have also noticed that adding allowGroup into the restExtensions config file resorts in a "Extension not found or permission denied error". I am assuming  this problem and my problem are somehow linked. It seems like for whatever reason Umbraco can't load the currently logged in member under the /base sub-directory.

    Could there be a confliction of some sort happening? If anyone has ever experienced this same problem any help would be greatly appreciated.

    Thanks

    Dave

  • Thomas Höhler 1237 posts 1709 karma points MVP
    Jan 27, 2010 @ 13:53
    Thomas Höhler
    0

    As I know the base calls does not have the httpContext inside (base is an httphandler) and for that also not the umbraco context. To get the member you have to add the member id to the base call. eg: instead of "/base/callforsomething" you can use "/base/callforsomething/memberid" and fetch the member via member.GetById or so...

    hth, Thomas

  • David Parr 20 posts 90 karma points
    Jan 27, 2010 @ 14:01
    David Parr
    0

    Thanks Thomas. I think that solves my first problem.

    Do you know why allowGroup and even allowMember wont' work in the rest config even though I am logged in as a member of that group with the same member id?

    Thanks

    Dave

  • David Parr 20 posts 90 karma points
    Jan 27, 2010 @ 14:06
    David Parr
    0

    By the way passing a member id into the call poses a security risk doesn't it? Any member can imitate another by passing in a random id with the javascript call.

    Is there anyway to submit post data to a base call ensuring that only the current member ID is used and not another?

    Or am I out just out of luck and forced to use non-ajax now?

    Thanks

    Dave

  • Tommy Poulsen 514 posts 708 karma points
    Jan 27, 2010 @ 14:38
    Tommy Poulsen
    0

    Hi David, I think Thomas is right with the missing umbraco context. On the other issue you could consider a simple encryption scheme where you pass on an encrypted version of the id as well as a known string encrypted in the same way as the id for validation, i.e.calling base with:

       /base/callforsomething/memberidEncrypted/knownStringEncrypted

    In your base method you decrypt the id and validate that decrypting the knownStringEncrypted results in your knownString.

    Just an idea.

    >Tommy

  • David Parr 20 posts 90 karma points
    Jan 27, 2010 @ 15:03
    David Parr
    0

    Great Idea Tommy. Thank you.

  • David Parr 20 posts 90 karma points
    Jan 27, 2010 @ 16:53
    David Parr
    0

    Still no luck with the allowGroup in the rest config file. Always get a "permission denied" error. Is this a  known bug?

  • David Parr 20 posts 90 karma points
    Jan 27, 2010 @ 18:19
    David Parr
    0

    Ok guys my problem is solved.

    For anyone who wants to know how to access session and members from within Base heres the solution.

    Write your own HttpModule that implements the IReadOnlySessionState and then modify your web.config for this module.

    If anybody wants me to explain in more detail how to do this I will post a detailed explanation later.

  • anthony hall 222 posts 536 karma points
    Jan 28, 2010 @ 12:53
    anthony hall
    0

    +1 for a more detailed explanation :)

  • Morten Bock 1867 posts 2140 karma points MVP 2x admin c-trib
    Feb 08, 2010 @ 00:42
    Morten Bock
    0

    I would also like to see your solution to this. Would be nice to get a fix to the core.

Please Sign in or register to post replies

Write your reply to:

Draft