Press Ctrl / CMD + C to copy this to your clipboard.
This post will be reported to the moderators as potential spam to be looked at
I've installed the REST API nuget package to a 7.3 site but it is saying "Authorization has been denied for this request."
I want to run it on a local iis site - what do I need to do to configure this? I'm a bit lost!
i also need help to set up an REST API Demo. Same Problem "Authorization has been denied for this request.". HAL Browser works fine...
Can anyone help?
Thanks in advance
we have the same problem. Is there somewhere a description how to setup the authorization for the REST API?
Thanks in advance :)
I have the solution... ist quite simple
After that you have to edit the file \App_Start\UmbracoStandardOwinStartup.cs
Uncommented this line
And add the following lines
//Modify the CorsPolicy as required
CorsPolicy = new CorsPolicy()
AllowAnyHeader = true,
AllowAnyMethod = true,
AllowAnyOrigin = true,
Don't forget the reference to
Here ist my Postman Sample...
"name": "umbraco restapi",
"value": "[email protected]",
The response ist something like that... (example, the token will be much larger):
Copy the Token and add the following line into the HAL Browser as an 'Custom Request Headers'
Authorization: Bearer 1MqtRPMSrOSvcuJdrCsMxDwyBHySaW5lLbyl5
great! Thank you for sharing your solution :-)
It depends on how you are using the RestApi (and we will of course add docs before we release the first version once Umb 7.3 is out the door).
If you are using it inside of your own site (i.e. making JS requests on the same domain), then the normal cookie auth will just work for your logged in users (which is probably why your HAL browser worked fine). However, if you are using it outside of your website then you will need to use Bearer tokens.
Auth is a very complicated thing, there's no single perfect way to do anything you and you need to be aware and responsible for the implications of what you choose. For example, bearer tokens should only be used of https, you can set up all sorts of different token policies such as how/when the expire, if you want to implement auto-renewing tokens, etc... There's a ton of reading to do about all of this stuff. ASP.Net identity certainly helps with all of this but it's not a silver bullet. The bearer token provider that we ship with in identity extensions is a very basic token server. If you need more robust options, you'll need to tweak the options for the token auth or override some features.
The repo homes for these projects are:
The rest api package installs the identity extensions package. Most of the documentation is currently in the readme files displayed to you when you install the package and inline in the code files that these packages install into your app_start folder.
Thanks a lot for your Feedback... The RestAPI works now!
If your app was already using OWIN you will run into a problem because your OWIN setup isn't called anymore. I found a fix for this by calling the umbraco OWIN setup from your own:
public void Configuration(IAppBuilder app)
Or better yet, you should inherit from UmbracoDefaultOwinStartup and override the necessary methods (and ensure that the base method is called)
Which is the setup if the calls are from outside domain ( see mobile app ) and with member login?
Hello Biagio, there is a new Dokumentation on our...
...maybe it will help you further.
is working on a reply...
Write your reply to:
Image will be uploaded when post is submitted