  • Murray Roke 486 posts 908 karma points c-trib
    Nov 12, 2018 @ 22:12

    Securing a UmbracoAuthorizedApiController by Section or Role

    Hi All,
    I have a custom "Section" aka "Application" and I would like to ensure the API controller that serves content to that section is secured. Let's call my custom section "foo".

    In the users section I can grant certain roles access to that section foo.

    I can set up my controller to restrict access by role like so:

    [Authorize(Roles = "admin")]
    public class FooController : UmbracoAuthorizedApiController

    But how do I restrict access by Section? My thinking is I should be putting something like this:

    [Authorize(Sections = "foo")] // does not actually work
    public class FooController : UmbracoAuthorizedApiController

    Then which roles have access can be managed in the CMS rather than hard-coded.

    If there's no simple solution I'll resort to making a "Foo" Group/Role and assign the various users that need access to that role.


  • Kevin Jump 2243 posts 14379 karma points MVP 6x c-trib
    Nov 18, 2018 @ 15:08


    I think you can restrict to section using UmbracoApplicationAuthorize(section), so for example the health check API controllers are restricted to the developer section with:



  • David Armitage 495 posts 2058 karma points
    Mar 02, 2021 @ 01:39

    Full documentation can be found here.


    For members [Umbraco.Web.WebApi.MemberAuthorize(AllowType = "Retailers")]

    For users. [Authorize(Roles = "managers,admin")]
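
An added example, not taken from any post in this thread: one way to apply the section restriction Kevin Jump describes to the FooController from the question, so that access follows whichever user groups are granted the "foo" section in the backoffice. It assumes Umbraco 7 or 8, where the attribute lives in Umbraco.Web.WebApi.Filters; the namespace, the FooSection constant and the action names are hypothetical.

```csharp
using System.Collections.Generic;
using System.Web.Http;
using Umbraco.Web.WebApi;
using Umbraco.Web.WebApi.Filters;

namespace MySite.Controllers // hypothetical namespace
{
    // Hypothetical holder for the section alias, so the attribute and the
    // section registration cannot drift apart through a typo.
    public static class FooSection
    {
        public const string Alias = "foo";
    }

    // UmbracoAuthorizedApiController already rejects callers that are not
    // logged-in backoffice users. UmbracoApplicationAuthorize adds a second
    // check: the user must have been granted the "foo" section through one of
    // their user groups. No role or group name is hard-coded here, so who gets
    // in is managed entirely from the Users section of the CMS.
    [UmbracoApplicationAuthorize(FooSection.Alias)]
    public class FooController : UmbracoAuthorizedApiController
    {
        // Routed under /umbraco/backoffice/api/Foo/GetItems
        [HttpGet]
        public IEnumerable<string> GetItems()
        {
            // Constructed sample data standing in for the section's content.
            return new[] { "item-1", "item-2" };
        }

        // Test aid: call this with accounts from different user groups to
        // confirm the gate. It only answers when "foo" is among the caller's
        // allowed sections; other callers are rejected before reaching it.
        [HttpGet]
        public object GetCaller()
        {
            var user = Security.CurrentUser;
            return new
            {
                username = user.Username,
                allowedSections = user.AllowedSections
            };
        }
    }
}
```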
