I have created a controller that i want to call as a rest service from postman:
namespace my.namespace
{
[Route("Hello/[action]")]
[UmbracoMemberAuthorize("", "Hello-group", "")]
public class HelloController : UmbracoApiController
{
public string HelloWorld()
{
return "Hi";
}
}
}
I have also added a member group in Umbraco called "Hello-group" and added a member to that group.
When i try to call this service from postman with this url:
https://localhost:myport/hello/helloworld
And i have added my users username and password and selected basic-auth in the postman authorization tab i get an 404 not found error returned.
If i remove the [UmbracoMemberAuthorize("", "Hello-group", "")] annotation it works.
Im pretty new to Umbraco but this seems like a simple setup so im confused as to what is going on. Can anyone help me figure out if i need to add a setting somewhere or do it another way?
Im using Umbraco 9 and it seems pretty simple to just add the annotation to the class, but im getting a 404 error - shouldnt i be getting an unauthorized error or something like that?
No i haven't tried the cookie approach, i need to grant access to outside parties to call my Api Controllers - so i sort of assumed that it would not be viable to ask them to create cookies with a backend login.
Im just using Postman as an example - i expect outside parties to create their own Api to call my rest services (probably some java code)
But im new to Umbraco, so could the cookie trick be applied to a java client for instance?
Ah. I think I understand the issue now that there is a little more context. The UmbracoMemberAuthorize attribute should be used only for logged in Members.
If you want a 3rd party to access the API this might help:
From that link it seems there are alot more going on under the hood when working with API endpoints than what i first thought. I will try out the example and see where it leads and update this thread afterwards
How do i call my api with authorization
I have created a controller that i want to call as a rest service from postman:
I have also added a member group in Umbraco called "Hello-group" and added a member to that group.
When i try to call this service from postman with this url: https://localhost:myport/hello/helloworld And i have added my users username and password and selected basic-auth in the postman authorization tab i get an 404 not found error returned.
If i remove the [UmbracoMemberAuthorize("", "Hello-group", "")] annotation it works.
Im pretty new to Umbraco but this seems like a simple setup so im confused as to what is going on. Can anyone help me figure out if i need to add a setting somewhere or do it another way?
Thanks
Hi Jacob,
have a look at this thread, it might help:
https://our.umbraco.com/forum/using-umbraco-and-getting-started/100730-failing-authorisation-when-calling-an-umbracoauthorizedapicontroller
Hi Brendan I actually build my solution from that link. Its mainly about how Umbraco 7 works, but also have a link to the newest Umbraco 9 howto description: https://our.umbraco.com/Documentation/Reference/Routing/WebApi/authorization-v9
Im using Umbraco 9 and it seems pretty simple to just add the annotation to the class, but im getting a 404 error - shouldnt i be getting an unauthorized error or something like that?
Have you included local cookies in the Postman request as described in the link above?
Hi Brendan
No i haven't tried the cookie approach, i need to grant access to outside parties to call my Api Controllers - so i sort of assumed that it would not be viable to ask them to create cookies with a backend login.
Im just using Postman as an example - i expect outside parties to create their own Api to call my rest services (probably some java code)
But im new to Umbraco, so could the cookie trick be applied to a java client for instance?
Ah. I think I understand the issue now that there is a little more context. The UmbracoMemberAuthorize attribute should be used only for logged in Members.
If you want a 3rd party to access the API this might help:
https://github.com/mattbrailsford/umbraco-authu
Hi Brendan
From that link it seems there are alot more going on under the hood when working with API endpoints than what i first thought. I will try out the example and see where it leads and update this thread afterwards
Bummer - AuthU seems to be something that would work well for my needs, but its not applicable for Umbraco 9 yet.
Are there other authentication packages that work for umbraco 9 out there?
I'm not sure this would work as I've never tried it but .Net Core might be able to plug the gap:
https://auth0.com/blog/aspnet-web-api-authorization/
is working on a reply...