Copied to clipboard

Flag this post as spam?

This post will be reported to the moderators as potential spam to be looked at


  • Murray Roke 453 posts 840 karma points c-trib
    Nov 12, 2018 @ 22:12
    Murray Roke
    0

    Securing a UmbracoAuthorizedApiController by Section or Role

    Hi All,
    I have a custom "Section" aka "Application" and I would like to ensure the API controller that serves content to that section is secured. Lets call my custom section "foo"

    In the users section I can Grant certain roles access to that section foo.

    I can set up my controller to restrict access by role like so:

    [Authorize(Roles = "admin")]
    [PluginController("Example")]
    [IsBackOffice]
    public class FooController : UmbracoAuthorizedApiController
    

    But how do I restrict access by Section? My thinking is I should be putting something like this:

    [Authorize(Sections = "foo")] // does not actually work
    [PluginController("Example")]
    [IsBackOffice]
    public class FooController : UmbracoAuthorizedApiController
    

    Then which roles have access can be managed in the CMS rather than hard coded.

    If there's no simple solution I'll resort to making a "Foo" Group/Role and assign the various users that need access to that role.

    Cheers.
    Murray.

  • Kevin Jump 1525 posts 9754 karma points MVP 3x c-trib
    Nov 18, 2018 @ 15:08
    Kevin Jump
    0

    Hi

    I think you can restrict to section using UmbracoApplicationAuthorize(section) so for example the health check api controllers are restricted to the developer section with :

    [UmbracoApplicationAuthorize(Core.Constants.Applications.Developer)]
    

    Kevin

Please Sign in or register to post replies

Write your reply to:

Draft