Securing a UmbracoAuthorizedApiController by Section or Role
Hi All,
I have a custom "Section" aka "Application" and I would like to ensure the API controller that serves content to that section is secured. Let's call my custom section "foo".
In the users section I can grant certain roles access to that section foo.
I can set up my controller to restrict access by role like so:
[Authorize(Roles = "admin")]
[PluginController("Example")]
[IsBackOffice]
public class FooController : UmbracoAuthorizedApiController
But how do I restrict access by Section?
My thinking is I should be putting something like this:
[Authorize(Sections = "foo")] // does not actually work
[PluginController("Example")]
[IsBackOffice]
public class FooController : UmbracoAuthorizedApiController
Then which roles have access can be managed in the CMS rather than hard coded.
If there's no simple solution I'll resort to making a "Foo" Group/Role and assign the various users that need access to that role.
Cheers.
Murray.
Hi
I think you can restrict to section using
UmbracoApplicationAuthorize(section)
so for example the health check api controllers are restricted to the developer section with:
Kevin
Full documentation can be found here.
https://our.umbraco.com/documentation/reference/routing/webapi/authorization
Eg.
For members: [Umbraco.Web.WebApi.MemberAuthorize(AllowType = "Retailers")]
For users: [Authorize(Roles = "managers,admin")]
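An added example, not part of the thread or of Umbraco's own code: the controller from the question with the section filter suggested above applied at class level, so access follows whatever is granted for the section in the Users section instead of a hard-coded role. It assumes Umbraco 7 or 8 on .NET Framework, where `UmbracoApplicationAuthorizeAttribute` lives in `Umbraco.Web.WebApi.Filters`; the namespace `Example.Controllers`, the action `GetItems` and its return values are hypothetical, and "foo" is the section alias used in the question.

```csharp
using System.Collections.Generic;
using System.Web.Http;
using Umbraco.Web.Mvc;            // PluginController
using Umbraco.Web.WebApi;         // UmbracoAuthorizedApiController, IsBackOffice
using Umbraco.Web.WebApi.Filters; // UmbracoApplicationAuthorize

namespace Example.Controllers     // hypothetical namespace
{
    // UmbracoAuthorizedApiController already requires an authenticated
    // back-office user. The filter below additionally requires that the
    // current user has been granted the "foo" section, so every action on
    // this controller is covered and a newly added action cannot be left
    // unprotected by accident.
    //
    // The attribute accepts several aliases, e.g.
    // [UmbracoApplicationAuthorize("foo", "settings")], and lets the user
    // in if they have access to ANY of them, so list only sections that
    // should really open this API.
    [UmbracoApplicationAuthorize("foo")]
    [PluginController("Example")]
    [IsBackOffice]
    public class FooController : UmbracoAuthorizedApiController
    {
        // Hypothetical action with constructed sample data.
        [HttpGet]
        public IEnumerable<string> GetItems()
        {
            return new[] { "item-1", "item-2" };
        }
    }
}
```

To verify the restriction, call the action while logged in to the back office as a user without access to the section and confirm the request is rejected, then grant the section and confirm it succeeds.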