Copied to clipboard

Flag this post as spam?

This post will be reported to the moderators as potential spam to be looked at


  • Valerie 67 posts 163 karma points
    Sep 03, 2015 @ 08:37
    Valerie
    0

    Rest Api Setup

    Hello,

    I've installed the REST API nuget package to a 7.3 site but it is saying "Authorization has been denied for this request."

    I want to run it on a local iis site - what do I need to do to configure this? I'm a bit lost!

  • Alexander Brückner 8 posts 75 karma points
    Sep 16, 2015 @ 14:11
    Alexander Brückner
    0

    Hello everybody,

    i also need help to set up an REST API Demo. Same Problem "Authorization has been denied for this request.". HAL Browser works fine...

    Can anyone help?

    Thanks in advance Alex

  • Sören Deger 733 posts 2844 karma points c-trib
    Sep 17, 2015 @ 08:28
    Sören Deger
    0

    Hello,

    we have the same problem. Is there somewhere a description how to setup the authorization for the REST API?

    Thanks in advance :)

    Cheers,

    Sören

  • Alexander Brückner 8 posts 75 karma points
    Sep 18, 2015 @ 12:06
    Alexander Brückner
    2

    I have the solution... ist quite simple

    1. You have to update the owin:appStartup in the webconfig to value="UmbracoStandardOwinStartup".

    After that you have to edit the file \App_Start\UmbracoStandardOwinStartup.cs

    Uncommented this line

    app.UseUmbracoBackOfficeTokenAuth(new BackOfficeAuthServerProviderOptions());
    

    And add the following lines

    app.ConfigureUmbracoRestApi(new UmbracoRestApiOptions()
            {
                //Modify the CorsPolicy as required
                CorsPolicy = new CorsPolicy()
                {
                    AllowAnyHeader = true,
                    AllowAnyMethod = true,
                    AllowAnyOrigin = true,                   
                }
            });
    

    Don't forget the reference to using Umbraco.RestApi; using System.Web.Cors;

    1. Now you have to generate an access token. I used the Chrome Extension POSTMAN.

    Here ist my Postman Sample...

    {
    "version": 1,
    "collections": [{
        "id": "cfd33fd3-57d7-99f1-23b8-d36add5f52fb",
        "name": "umbraco restapi",
        "timestamp": 1434609445329,
        "requests": [{
            "collectionId": "cfd33fd3-57d7-99f1-23b8-d36add5f52fb",
            "id": "a1f45fe0-9ece-aae4-f1a8-f5339065ecdb",
            "name": "login",
            "description": "",
            "url": "http://localhost:49199/umbraco/oauth/token",
            "method": "POST",
            "headers": "",
            "data": [{
                "key": "grant_type",
                "value": "password",
                "type": "text"
            }, {
                "key": "username",
                "value": "[email protected]",
                "type": "text"
            }, {
                "key": "password",
                "value": "password",
                "type": "text"
            }, {
                "key": "client_id",
                "value": "umbraco",
                "type": "text"
            }, {
                "key": "client_secret",
                "value": "",
                "type": "text"
            }],
            "dataMode": "urlencoded",
            "timestamp": 0,
            "responses": [],
            "version": 2
        }]
    }],
    "environments": [],
    "headerPresets": [],
    "globals": []
    

    }

    The response ist something like that... (example, the token will be much larger):

    { "accesstoken": "1MqtRPMSrOSvcuJdrCsMxDwyBHySaW5lLbyl5", "tokentype": "bearer", "expires_in": 86399 }

    Copy the Token and add the following line into the HAL Browser as an 'Custom Request Headers'

    Authorization: Bearer 1MqtRPMSrOSvcuJdrCsMxDwyBHySaW5lLbyl5

  • Sören Deger 733 posts 2844 karma points c-trib
    Sep 18, 2015 @ 13:05
    Sören Deger
    0

    Hi Alex,

    great! Thank you for sharing your solution :-)

    Cheers, Sören

  • Shannon Deminick 1526 posts 5272 karma points MVP 3x
    Sep 21, 2015 @ 09:00
    Shannon Deminick
    1

    It depends on how you are using the RestApi (and we will of course add docs before we release the first version once Umb 7.3 is out the door).

    If you are using it inside of your own site (i.e. making JS requests on the same domain), then the normal cookie auth will just work for your logged in users (which is probably why your HAL browser worked fine). However, if you are using it outside of your website then you will need to use Bearer tokens.

    Auth is a very complicated thing, there's no single perfect way to do anything you and you need to be aware and responsible for the implications of what you choose. For example, bearer tokens should only be used of https, you can set up all sorts of different token policies such as how/when the expire, if you want to implement auto-renewing tokens, etc... There's a ton of reading to do about all of this stuff. ASP.Net identity certainly helps with all of this but it's not a silver bullet. The bearer token provider that we ship with in identity extensions is a very basic token server. If you need more robust options, you'll need to tweak the options for the token auth or override some features.

    The repo homes for these projects are:

    The rest api package installs the identity extensions package. Most of the documentation is currently in the readme files displayed to you when you install the package and inline in the code files that these packages install into your app_start folder.

  • Alexander Brückner 8 posts 75 karma points
    Sep 21, 2015 @ 11:33
    Alexander Brückner
    0

    Thanks a lot for your Feedback... The RestAPI works now!

  • Mark Smit 4 posts 85 karma points
    Sep 30, 2015 @ 08:53
    Mark Smit
    0

    If your app was already using OWIN you will run into a problem because your OWIN setup isn't called anymore. I found a fix for this by calling the umbraco OWIN setup from your own:

    public void Configuration(IAppBuilder app)
    {
        new UmbracoDefaultOwinStartup().Configuration(app);
    
  • Shannon Deminick 1526 posts 5272 karma points MVP 3x
    Sep 30, 2015 @ 09:33
    Shannon Deminick
    1

    Or better yet, you should inherit from UmbracoDefaultOwinStartup and override the necessary methods (and ensure that the base method is called)

  • Biagio Paruolo 1619 posts 1912 karma points c-trib
    Nov 03, 2015 @ 15:00
    Biagio Paruolo
    0

    Which is the setup if the calls are from outside domain ( see mobile app ) and with member login?

  • Alexander Brückner 8 posts 75 karma points
    Nov 04, 2015 @ 11:11
    Alexander Brückner
    0

    Hello Biagio, there is a new Dokumentation on our...

    https://our.umbraco.org/documentation/Implementation/Rest-Api/

    ...maybe it will help you further.

Please Sign in or register to post replies

Write your reply to:

Draft