Sign in Register
Copied to clipboard

Flag this post as spam?

This post will be reported to the moderators as potential spam to be looked at


  • James Jackson-South 489 posts 1747 karma points c-trib
    Nov 03, 2016 @ 23:29
    James Jackson-South
    0

    Authenticating requests from external sources.

    Using Umbraco 7.4.3

    I have a client that want to edit CMS data without navigating to the site and logging in.

    What's the best way to authenticate a POST request to the CMS and what format should the credentials be given in when making that request?

    A code sample would be really useful if you can, this task has come up with very tight time constraints and I've hit a blank spot in my knowledge.

    Cheers

    James

    Copy Link
  • Gavin Faux 15 posts 158 karma points
    Nov 04, 2016 @ 01:44
    Gavin Faux
    0

    Have done similar to fire off tasks from Powershell.

    Posting a rough no error checking Powershell example that authenticates then get's remaining timeout, may help with at least authenticating. 

    $webhost= "http://your.site.com"
$authurl= $webhost + "/umbraco/backoffice/UmbracoApi/Authentication/PostLogin"
$taskurl= $webhost + "/umbraco/backoffice/UmbracoApi/Authentication/GetRemainingTimeoutSeconds"
$cookiejar = New-Object System.Net.CookieContainer
$webrequest = [System.Net.HTTPWebRequest]::Create($authurl);
$webrequest.CookieContainer = New-Object System.Net.CookieContainer;
$webrequest.Method = "POST"
$webrequest.ContentType = "application/json; charset=utf-8";
if ($cookiejar -ne $null) { $webrequest.CookieContainer = $cookiejar }
$stream = [System.IO.Streamwriter] $webrequest.GetRequestStream();
$json = @"
{"username":"userxyz","password":"password1234"}
"@
$stream.Write($json);
$stream.Flush();
$stream.Close();
$response = $webrequest.GetResponse()
$responseStream = $response.GetResponseStream()
$streamReader = New-Object System.IO.Streamreader($responseStream)
$output = $streamReader.ReadToEnd()
Write-Host $output
$taskrequest = [System.Net.HTTPWebRequest]::Create($taskurl)
if ($cookiejar -ne $null) { $taskrequest.CookieContainer=$cookiejar }
$taskrequest.Method = "GET"
$taskresponse = $taskrequest.GetResponse()
$taskresponseStream = $taskresponse.GetResponseStream()
$taskstreamReader = New-Object System.IO.Streamreader($taskresponseStream)
$taskoutput = $taskstreamReader.ReadToEnd()
Write-Host $taskoutput

    I do have a C# example but it's a basic ServiceStack Auth provider against Umbraco back office and once authenticated has no further interaction with Umbraco, hence posting Powershell example.

    Unsure why Umbraco returns the JSON starting with )]}',; I parse it before converting from JSON to a POCO.

    Copy Link
  • Cristhian Amaya 52 posts 423 karma points
    Nov 04, 2016 @ 21:43
    Cristhian Amaya
    0

    The reason for the prefix on the response is for security matters, read the security considerations here: https://code.angularjs.org/1.5.7/docs/api/ng/service/$http

    Copy Link
  • James Jackson-South 489 posts 1747 karma points c-trib
    Nov 06, 2016 @ 22:09
    James Jackson-South
    0

    Thanks for the example.

    Odd that you are sending the username/password via json. I won't be able to get my client to replicate that.

    Copy Link
  • Alan Mac Kenna 147 posts 405 karma points MVP c-trib
    Nov 04, 2016 @ 15:08
    Alan Mac Kenna
    0

    Hey James - have you considered the Umbraco Rest API?

    https://github.com/umbraco/UmbracoRestApi

    Some Code:

    var restClient = new RestClient(Settings.UmbracoUrl);
var request = new RestRequest(String.Format("{0}/content/createorupdate", Settings.RestApiUrl));
request.AddHeader("Authorization", "Bearer " + _umbracoAccessToken);
request.Method = Method.POST;
var body = JsonConvert.SerializeObject(content);
request.AddParameter("application/json", body, ParameterType.RequestBody);
var response = restClient.Execute(request);
    Copy Link
  • James Jackson-South 489 posts 1747 karma points c-trib
    Nov 06, 2016 @ 22:13
    James Jackson-South
    0

    Hi Alan,

    I did yeah, but it seems unfinished and has limited configuration. I have to add authentication to harden up existing API calls so I cannot use the rest routes.

    I'm amazed that this isn't something I cannot easily do out of the box.

    Cheers

    James

    Copy Link
  • Alan Mac Kenna 147 posts 405 karma points MVP c-trib
    Nov 08, 2016 @ 00:41
    Alan Mac Kenna
    0

    Yeah you might be surprised how far you'd get with it. Some are unfinished (e.g. remove content). There is authentication built in with backoffice users so that helps.

    Best

    Copy Link
Please Sign in or register to post replies

Write your reply to:

Draft