
  • Murray Roke 503 posts 967 karma points c-trib
    Nov 12, 2018 @ 22:12
    Murray Roke
    0

    Securing a UmbracoAuthorizedApiController by Section or Role

    Hi All,
    I have a custom "Section" aka "Application" and I would like to ensure the API controller that serves content to that section is secured. Let's call my custom section "foo".

    In the users section I can grant certain roles access to that section foo.

    I can set up my controller to restrict access by role like so:

    [Authorize(Roles = "admin")]
    [PluginController("Example")]
    [IsBackOffice]
    public class FooController : UmbracoAuthorizedApiController
    

    But how do I restrict access by Section? My thinking is I should be putting something like this:

    [Authorize(Sections = "foo")] // does not actually work
    [PluginController("Example")]
    [IsBackOffice]
    public class FooController : UmbracoAuthorizedApiController
    

    Then which roles have access can be managed in the CMS rather than hard coded.

    If there's no simple solution I'll resort to making a "Foo" Group/Role and assign the various users that need access to that role.

    Cheers.
    Murray.

  • Kevin Jump 2348 posts 14896 karma points MVP 8x c-trib
    Nov 18, 2018 @ 15:08
    Kevin Jump
    0

    Hi

    I think you can restrict to a section using UmbracoApplicationAuthorize(section), so for example the health check API controllers are restricted to the developer section with:

    [UmbracoApplicationAuthorize(Core.Constants.Applications.Developer)]
    

    Kevin
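Applied to the controller from the question, the attribute from the reply above looks like this. This is an added example, not code posted by anyone in the thread; it assumes the Umbraco 7/8 namespaces shown, that the custom section's alias is "foo", and a hypothetical `GetItems` action.

```csharp
using System.Collections.Generic;
using Umbraco.Web.Mvc;            // PluginController
using Umbraco.Web.WebApi;         // IsBackOffice, UmbracoAuthorizedApiController
using Umbraco.Web.WebApi.Filters; // UmbracoApplicationAuthorize

namespace Example.Controllers
{
    // UmbracoAuthorizedApiController already requires a logged-in back-office user.
    // UmbracoApplicationAuthorize adds the section check: the current user must have
    // access to the section with alias "foo" (assumed alias of the custom section).
    // Which user groups have that access is managed in the Users section of the CMS,
    // so no role names are hard-coded here.
    [UmbracoApplicationAuthorize("foo")]
    [PluginController("Example")]
    [IsBackOffice]
    public class FooController : UmbracoAuthorizedApiController
    {
        // Hypothetical action, only here so the section check has something to protect.
        [System.Web.Http.HttpGet]
        public IEnumerable<string> GetItems()
        {
            return new[] { "first", "second" };
        }
    }
}
```

To verify the restriction, call the action while logged in as a back-office user whose groups do not include the section and confirm the request is refused.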

  • David Armitage 510 posts 2082 karma points
    Mar 02, 2021 @ 01:39
    David Armitage
    0

    Full documentation can be found here.

    https://our.umbraco.com/documentation/reference/routing/webapi/authorization

    E.g.

    For members: [Umbraco.Web.WebApi.MemberAuthorize(AllowType = "Retailers")]

    For users: [Authorize(Roles = "managers,admin")]
