
  • Murray Roke 502 posts 965 karma points c-trib
    Nov 12, 2018 @ 22:12
    0

    Securing a UmbracoAuthorizedApiController by Section or Role

    Hi All,
    I have a custom "Section" aka "Application" and I would like to ensure the API controller that serves content to that section is secured. Let's call my custom section "foo".

    In the users section I can grant certain roles access to that section foo.

    I can set up my controller to restrict access by role like so:

    [Authorize(Roles = "admin")]
    [PluginController("Example")]
    [IsBackOffice]
    public class FooController : UmbracoAuthorizedApiController
    

    But how do I restrict access by Section? My thinking is I should be putting something like this:

    [Authorize(Sections = "foo")] // does not actually work
    [PluginController("Example")]
    [IsBackOffice]
    public class FooController : UmbracoAuthorizedApiController
    

    Then which roles have access can be managed in the CMS rather than hard-coded.

    If there's no simple solution I'll resort to making a "Foo" Group/Role and assigning the various users that need access to that role.

    Cheers.
    Murray.

  • Kevin Jump 2309 posts 14673 karma points MVP 7x c-trib
    Nov 18, 2018 @ 15:08
    0

    Hi

    I think you can restrict to a section using UmbracoApplicationAuthorize(section). So, for example, the health check API controllers are restricted to the developer section with:

    [UmbracoApplicationAuthorize(Core.Constants.Applications.Developer)]
    

    Kevin

  • David Armitage 503 posts 2071 karma points
    Mar 02, 2021 @ 01:39
    0

    Full documentation can be found here.

    https://our.umbraco.com/documentation/reference/routing/webapi/authorization

    E.g.

    For members: [Umbraco.Web.WebApi.MemberAuthorize(AllowType = "Retailers")]

    For users: [Authorize(Roles = "managers,admin")]
