Copied to clipboard

Flag this post as spam?

This post will be reported to the moderators as potential spam to be looked at


  • Cornelis 12 posts 113 karma points
    Apr 06, 2020 @ 09:35
    Cornelis
    0

    Set MemberAuthorizeAttribute globally breaks umbraco backoffice

    Our application has several API controllers (inherited from UmbracoApiController) and almost all endpoints requires an authorize attributes. Exceptions are endpoints like request for sign up, login and forgot password. So I want to set the attribute globally on all controllers and their endpoints and those that are don't need authorization, I will exclude them with allowAnonymous attribute.

    I got this part working with the following code code:

    public class RegisterCustomApiRoutesComponent : IComponent
        {
            public void Initialize()
            {
                //RouteTable.Routes.Ignore("umbraco/backoffice/{*path}");
                GlobalConfiguration.Configuration.MapHttpAttributeRoutes();
                GlobalConfiguration.Configuration.Filters.Add(new MemberAuthorizeAttribute());
            }
    
            public void Terminate()
            {
                throw new System.NotImplementedException();
            }
        }
    

    and this works fine for my API endpoints. Unfortunately, this works too well because it somehow prevents me to get to the umbraco back office (or breaks it). When I try to navigate to domain/umbraco I get errors in my console.log:

    • Failed to load resource: the server responded with a status of 401 () -> umbraco/backoffice/UmbracoApi/Authentication/IsAuthenticated:1
    • Failed to load resource: the server responded with a status of 401 () -> umbraco/backoffice/UmbracoApi/Authentication/GetCurrentUser:1
    • Possibly unhandled rejection: null -> angular.js?cdv=1:15570 Possibly unhandled rejection: null
    • TypeError: Cannot read property 'path' of null at init.js?cdv=1:134 at Scope.$broadcast (angular.js?cdv=1:19723) at angular-route.js?cdv=1:754 at processQueue (angular.js?cdv=1:17948) at angular.js?cdv=1:17996 at Scope.$digest (angular.js?cdv=1:19115) at Scope.$apply (angular.js?cdv=1:19503) at done (angular.js?cdv=1:13346) at completeRequest (angular.js?cdv=1:13603) at XMLHttpRequest.requestLoaded (angular.js?cdv=1:13508)

    I tried to exclude the umbraco/backoffice route by adding it to the Routes.Ignore (see the commented line in my code fragment) but that didn't do the trick either.

    How do I add the memberAuthorizeAttribute to the filter without breaking my backoffice?

  • Alex Skrypnyk 6131 posts 23950 karma points MVP 7x admin c-trib
    Apr 14, 2020 @ 22:52
  • Cornelis 12 posts 113 karma points
    May 08, 2020 @ 12:04
    Cornelis
    0

    Hello Alex,

    I haven't checked your solution yet but perhaps I will in the future. For now, I used a work around where I created my own base class which extends the UmbracoApiController class and on my base class I apply the MemberAuthorize attribute.

Please Sign in or register to post replies

Write your reply to:

Draft