  • James Jackson-South 489 posts 1747 karma points c-trib
    Nov 03, 2016 @ 23:29
    James Jackson-South

    Authenticating requests from external sources.

    Using Umbraco 7.4.3

    I have a client that wants to edit CMS data without navigating to the site and logging in.

    What's the best way to authenticate a POST request to the CMS and what format should the credentials be given in when making that request?

    A code sample would be really useful if you can, this task has come up with very tight time constraints and I've hit a blank spot in my knowledge.



  • Gavin Faux 15 posts 158 karma points
    Nov 04, 2016 @ 01:44
    Gavin Faux

    Have done similar to fire off tasks from PowerShell.

    Posting a rough, no-error-checking PowerShell example that authenticates then gets remaining timeout, may help with at least authenticating.

    $webhost = ""   # base URL of the Umbraco site (blank in the post as published)
    $authurl = $webhost + "/umbraco/backoffice/UmbracoApi/Authentication/PostLogin"
    $taskurl = $webhost + "/umbraco/backoffice/UmbracoApi/Authentication/GetRemainingTimeoutSeconds"
    # One cookie container shared by both requests so the auth cookie carries over
    $cookiejar = New-Object System.Net.CookieContainer
    $webrequest = [System.Net.HttpWebRequest]::Create($authurl)
    $webrequest.CookieContainer = $cookiejar
    $webrequest.Method = "POST"
    $webrequest.ContentType = "application/json; charset=utf-8"
    $stream = [System.IO.StreamWriter] $webrequest.GetRequestStream()
    # The JSON body is missing from the post as published; this line uses placeholder
    # credentials and assumes the fields are named username and password
    $json = '{"username":"<username>","password":"<password>"}'
    $stream.Write($json)
    $stream.Close()
    # Read and print the login response
    $response = $webrequest.GetResponse()
    $responseStream = $response.GetResponseStream()
    $streamReader = New-Object System.IO.StreamReader($responseStream)
    $output = $streamReader.ReadToEnd()
    Write-Host $output
    # Second request reuses the cookie container, so it is sent as the logged-in user
    $taskrequest = [System.Net.HttpWebRequest]::Create($taskurl)
    $taskrequest.CookieContainer = $cookiejar
    $taskrequest.Method = "GET"
    $taskresponse = $taskrequest.GetResponse()
    $taskresponseStream = $taskresponse.GetResponseStream()
    $taskstreamReader = New-Object System.IO.StreamReader($taskresponseStream)
    $taskoutput = $taskstreamReader.ReadToEnd()
    Write-Host $taskoutput

    I do have a C# example but it's a basic ServiceStack Auth provider against Umbraco back office and once authenticated has no further interaction with Umbraco, hence posting PowerShell example.

    Unsure why Umbraco returns the JSON starting with )]}',; I parse it before converting from JSON to a POCO.

  • Cristhian Amaya 52 posts 423 karma points
    Nov 04, 2016 @ 21:43
    Cristhian Amaya

    The reason for the prefix on the response is for security matters, read the security considerations here:$http
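
    The prefix handling discussed in the two posts above, as an added example that is not part of the thread or of Umbraco's code: it strips the `)]}',` guard only when it is the literal start of the response body, then parses the rest. `ConvertFrom-UmbracoJson` is a hypothetical helper name and the sample responses are constructed.

```powershell
# Added example, not from the thread. ConvertFrom-UmbracoJson is a hypothetical
# helper name, not an Umbraco or PowerShell built-in.
function ConvertFrom-UmbracoJson {
    param(
        [Parameter(Mandatory = $true)]
        [AllowEmptyString()]
        [string] $Text
    )

    $guard = ")]}',"
    # Drop a byte-order mark and leading whitespace so the prefix check is reliable
    $body = $Text.TrimStart([char]0xFEFF).TrimStart()

    # Remove the guard only when it is the literal start of the body,
    # never when the same characters occur inside a JSON string value
    if ($body.StartsWith($guard, [System.StringComparison]::Ordinal)) {
        $body = $body.Substring($guard.Length)
    }

    $body = $body.Trim()
    if ($body.Length -eq 0) {
        # A guard with nothing after it (or an empty response) carries no payload
        return $null
    }

    # ConvertFrom-Json throws on malformed input; let the caller see that error
    return ($body | ConvertFrom-Json)
}

# Constructed sample responses (not captured from a real site)
$samples = @(
    ")]}',`n{`"seconds`":1200}",         # guarded, newline after the prefix
    ")]}',{`"seconds`":1200}",           # guarded, no newline
    "{`"note`":`")]}', inside text`"}"   # unguarded; guard characters inside a value
)

foreach ($raw in $samples) {
    $parsed = ConvertFrom-UmbracoJson -Text $raw
    Write-Host ($parsed | ConvertTo-Json -Compress)
}
```

    The guard makes the body invalid as standalone JavaScript, so a client that expects it has to remove it before parsing, which is what the helper does.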

  • James Jackson-South 489 posts 1747 karma points c-trib
    Nov 06, 2016 @ 22:09
    James Jackson-South

    Thanks for the example.

    Odd that you are sending the username/password via json. I won't be able to get my client to replicate that.

  • Alan Mac Kenna 147 posts 405 karma points MVP c-trib
    Nov 04, 2016 @ 15:08
    Alan Mac Kenna

    Hey James - have you considered the Umbraco Rest API?

    Some Code:

    var restClient = new RestClient(Settings.UmbracoUrl);
    var request = new RestRequest(String.Format("{0}/content/createorupdate", Settings.RestApiUrl));
    request.AddHeader("Authorization", "Bearer " + _umbracoAccessToken);
    request.Method = Method.POST;
    var body = JsonConvert.SerializeObject(content);
    request.AddParameter("application/json", body, ParameterType.RequestBody);
    var response = restClient.Execute(request);

  • James Jackson-South 489 posts 1747 karma points c-trib
    Nov 06, 2016 @ 22:13
    James Jackson-South

    Hi Alan,

    I did yeah, but it seems unfinished and has limited configuration. I have to add authentication to harden up existing API calls so I cannot use the rest routes.

    I'm amazed that this isn't something I cannot easily do out of the box.



  • Alan Mac Kenna 147 posts 405 karma points MVP c-trib
    Nov 08, 2016 @ 00:41
    Alan Mac Kenna

    Yeah you might be surprised how far you'd get with it. Some are unfinished (e.g. remove content). There is authentication built in with backoffice users so that helps.

