If your app was already using OWIN you will run into a problem because your OWIN setup isn't called anymore. I found a fix for this by calling the umbraco OWIN setup from your own:
public void Configuration(IAppBuilder app)
{
    // Run Umbraco's default OWIN startup first so its middleware is still registered
    new UmbracoDefaultOwinStartup().Configuration(app);
}
Rest Api Setup
Hello,
I've installed the REST API nuget package to a 7.3 site but it is saying "Authorization has been denied for this request."
I want to run it on a local iis site - what do I need to do to configure this? I'm a bit lost!
Hello everybody,
I also need help to set up a REST API demo. Same problem: "Authorization has been denied for this request." HAL Browser works fine...
Can anyone help?
Thanks in advance Alex
Hello,
we have the same problem. Is there a description somewhere of how to set up the authorization for the REST API?
Thanks in advance :)
Cheers,
Sören
I have the solution... it's quite simple.
Set owin:appStartup in the web.config to value="UmbracoStandardOwinStartup".
After that you have to edit the file \App_Start\UmbracoStandardOwinStartup.cs
Uncomment this line
And add the following lines
Don't forget the references to
using Umbraco.RestApi;
using System.Web.Cors;
Here is my Postman sample...
}
The response is something like this... (example, the token will be much larger):
{ "access_token": "1MqtRPMSrOSvcuJdrCsMxDwyBHySaW5lLbyl5", "token_type": "bearer", "expires_in": 86399 }
Copy the token and add the following line into the HAL Browser as 'Custom Request Headers':
Authorization: Bearer 1MqtRPMSrOSvcuJdrCsMxDwyBHySaW5lLbyl5
Hi Alex,
great! Thank you for sharing your solution :-)
Cheers, Sören
It depends on how you are using the RestApi (and we will of course add docs before we release the first version once Umb 7.3 is out the door).
If you are using it inside of your own site (i.e. making JS requests on the same domain), then the normal cookie auth will just work for your logged in users (which is probably why your HAL browser worked fine). However, if you are using it outside of your website then you will need to use Bearer tokens.
Auth is a very complicated thing, there's no single perfect way to do anything and you need to be aware of and responsible for the implications of what you choose. For example, bearer tokens should only be used over https, you can set up all sorts of different token policies such as how/when they expire, if you want to implement auto-renewing tokens, etc... There's a ton of reading to do about all of this stuff. ASP.Net identity certainly helps with all of this but it's not a silver bullet. The bearer token provider that we ship with in identity extensions is a very basic token server. If you need more robust options, you'll need to tweak the options for the token auth or override some features.
The repo homes for these projects are:
The rest api package installs the identity extensions package. Most of the documentation is currently in the readme files displayed to you when you install the package and inline in the code files that these packages install into your app_start folder.
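For a client that calls the API from outside the site, the https-only and expiry points above can be enforced before the Authorization header is ever built. The following is an added example, not code from the thread or from the Umbraco packages; the function names are hypothetical, the sample response is constructed, and it assumes the standard OAuth 2.0 field names access_token, token_type and expires_in.

```javascript
// Added example (not Umbraco code): client-side handling of a token response.
// Function names are hypothetical; the sample response below is constructed.

// Parse the token endpoint's JSON and record when the token stops being valid.
function parseTokenResponse(json, nowMs) {
  const body = JSON.parse(json);
  if (typeof body.access_token !== "string" || body.access_token.length === 0) {
    throw new Error("token response has no access_token");
  }
  if (String(body.token_type).toLowerCase() !== "bearer") {
    throw new Error("unexpected token_type: " + body.token_type);
  }
  if (!Number.isFinite(body.expires_in) || body.expires_in <= 0) {
    throw new Error("token response has no usable expires_in");
  }
  return {
    token: body.access_token,
    expiresAtMs: nowMs + body.expires_in * 1000,
  };
}

// Build request headers, refusing to attach the token where it could leak.
function authHeaders(session, url, nowMs, skewSeconds = 60) {
  const target = new URL(url);
  if (target.protocol !== "https:") {
    throw new Error("refusing to send bearer token over " + target.protocol);
  }
  // Treat the token as expired slightly early to absorb clock skew.
  if (nowMs >= session.expiresAtMs - skewSeconds * 1000) {
    throw new Error("token expired; request a new one");
  }
  return { Authorization: "Bearer " + session.token };
}

// Constructed sample, shaped like the response shown in the thread.
const sampleResponse = JSON.stringify({
  access_token: "EXAMPLE-TOKEN-NOT-REAL",
  token_type: "bearer",
  expires_in: 86399,
});
```
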
Thanks a lot for your Feedback... The RestAPI works now!
If your app was already using OWIN you will run into a problem because your OWIN setup isn't called anymore. I found a fix for this by calling the umbraco OWIN setup from your own:
Or better yet, you should inherit from UmbracoDefaultOwinStartup and override the necessary methods (and ensure that the base method is called)
Which is the setup if the calls are from an outside domain (see mobile app) and with member login?
Hello Biagio, there is new documentation on Our...
https://our.umbraco.org/documentation/Implementation/Rest-Api/
...maybe it will help you further.