7.2.2 - WebApi UmbracoAuthorize attribute always returns "Authorization has been denied for this request."
I installed a fresh Umbraco 7.2.1. The only thing I created in the solution was this WebApi controller:
[Umbraco.Web.WebApi.UmbracoAuthorize] public class ApiTestController : Umbraco.Web.WebApi.UmbracoApiController { public string GetData() { return "hello"; } }
Hitting that controller (.../umbraco/api/apitest/getdata) returns "hello" as long as I'm also logged into backoffice.
I then upgraded Umbraco to 7.2.2.
Now when trying to hit the controller again (after ensuring I am logged into back office) the controller returns "Authorization has been denied for this request." The user has the "Administrator" user type.
Looking at the change log for 7.2.2 it doesn't appear that anything was changed in this part of Umbraco. So the question is, am I looking at a bug here?
have you hit the controller directly after the upgrade? If so please clear your cache and recycle the application pool. Maybe your browser is in the old session from your previous version.
@Sören - I've just tried to do as you suggest, but I does not help.
Originally the development team I'm in experienced the problem on another Umbraco solution that was upgraded til 7.2.2. So I created a clean standalone Umbraco 7.2.1 solution and upgraded to 7.2.2 to verify the issue. Now, I've just tried installing a fresh 7.2.2 and the issue is also here. So it doesn't appear to be an upgrade issue.
Were you able to solve the problem? Now I have tested it in 7.2.2 and I had a similar issue. But with the link from the umbraco blog I was able to solve it.
Here is the topic in which my solution is described:
@Sören - I got it working. It was a combination of inheriting from UmbracoAuthorizedApiController and using the new (not so well documented) back office url. For me it was not necessary explicitly setting the [IsBackOffice] attribute, as you describe in your topic, since this is inherited from UmbracoAuthorizedApiController.
So, if others stumble upon this thread, the url for accessing back office webapi controllers is: .../umbraco/backoffice/api/{controller}/{action}
Great, thank you for the answer! I'm glad that it is now also works for you. Please can you mark the entry with the solution above as solved so that others simply can directly find the solution?
7.2.2 - WebApi UmbracoAuthorize attribute always returns "Authorization has been denied for this request."
I installed a fresh Umbraco 7.2.1. The only thing I created in the solution was this WebApi controller:
Hitting that controller (.../umbraco/api/apitest/getdata) returns "hello" as long as I'm also logged into backoffice.
I then upgraded Umbraco to 7.2.2.
Now when trying to hit the controller again (after ensuring I am logged into back office) the controller returns "Authorization has been denied for this request." The user has the "Administrator" user type.
Looking at the change log for 7.2.2 it doesn't appear that anything was changed in this part of Umbraco. So the question is, am I looking at a bug here?
Info:
Hi Mads,
have you hit the controller directly after the upgrade? If so please clear your cache and recycle the application pool. Maybe your browser is in the old session from your previous version.
Best,
Sören
@Sören - I've just tried to do as you suggest, but I does not help.
Originally the development team I'm in experienced the problem on another Umbraco solution that was upgraded til 7.2.2. So I created a clean standalone Umbraco 7.2.1 solution and upgraded to 7.2.2 to verify the issue. Now, I've just tried installing a fresh 7.2.2 and the issue is also here. So it doesn't appear to be an upgrade issue.
Hi Mads,
I have already no time to check this in a own 7.2.2.
But maybe this is related to this issue:
http://umbraco.com/follow-us/blog-archive/2014/1/17/heads-up,-breaking-change-coming-in-702-and-62
Hope this helps?
Best,
Sören
Hi Mads,
inherit from UmbracoAuthorizedApiController instead of UmbracoApiController:
Best,
Sören
Hi Mads,
Were you able to solve the problem? Now I have tested it in 7.2.2 and I had a similar issue. But with the link from the umbraco blog I was able to solve it.
Here is the topic in which my solution is described:
https://our.umbraco.org/forum/umbraco-7/developing-umbraco-7-packages/61985-401-unauthorized-from-UmbracoApiController-after-update-to-722?p=0#comment210823
Tell me about it just in case you still have problems, and if I can help you :)
Best.
Sören
@Sören - I got it working. It was a combination of inheriting from UmbracoAuthorizedApiController and using the new (not so well documented) back office url. For me it was not necessary explicitly setting the [IsBackOffice] attribute, as you describe in your topic, since this is inherited from UmbracoAuthorizedApiController.
So, if others stumble upon this thread, the url for accessing back office webapi controllers is: .../umbraco/backoffice/api/{controller}/{action}
Great, thank you for the answer! I'm glad that it is now also works for you. Please can you mark the entry with the solution above as solved so that others simply can directly find the solution?
Best,
Sören
is working on a reply...