Set MemberAuthorizeAttribute globally breaks umbraco backoffice
Our application has several API controllers (inherited from UmbracoApiController) and almost all endpoints requires an authorize attributes. Exceptions are endpoints like request for sign up, login and forgot password. So I want to set the attribute globally on all controllers and their endpoints and those that are don't need authorization, I will exclude them with allowAnonymous attribute.
I got this part working with the following code code:
public class RegisterCustomApiRoutesComponent : IComponent
{
public void Initialize()
{
//RouteTable.Routes.Ignore("umbraco/backoffice/{*path}");
GlobalConfiguration.Configuration.MapHttpAttributeRoutes();
GlobalConfiguration.Configuration.Filters.Add(new MemberAuthorizeAttribute());
}
public void Terminate()
{
throw new System.NotImplementedException();
}
}
and this works fine for my API endpoints. Unfortunately, this works too well because it somehow prevents me to get to the umbraco back office (or breaks it). When I try to navigate to domain/umbraco I get errors in my console.log:
Failed to load resource: the server responded with a status of 401 () -> umbraco/backoffice/UmbracoApi/Authentication/IsAuthenticated:1
Failed to load resource: the server responded with a status of 401 () -> umbraco/backoffice/UmbracoApi/Authentication/GetCurrentUser:1
TypeError: Cannot read property 'path' of null
at init.js?cdv=1:134
at Scope.$broadcast (angular.js?cdv=1:19723)
at angular-route.js?cdv=1:754
at processQueue (angular.js?cdv=1:17948)
at angular.js?cdv=1:17996
at Scope.$digest (angular.js?cdv=1:19115)
at Scope.$apply (angular.js?cdv=1:19503)
at done (angular.js?cdv=1:13346)
at completeRequest (angular.js?cdv=1:13603)
at XMLHttpRequest.requestLoaded (angular.js?cdv=1:13508)
I tried to exclude the umbraco/backoffice route by adding it to the Routes.Ignore (see the commented line in my code fragment) but that didn't do the trick either.
How do I add the memberAuthorizeAttribute to the filter without breaking my backoffice?
I haven't checked your solution yet but perhaps I will in the future. For now, I used a work around where I created my own base class which extends the UmbracoApiController class and on my base class I apply the MemberAuthorize attribute.
Set MemberAuthorizeAttribute globally breaks umbraco backoffice
Our application has several API controllers (inherited from UmbracoApiController) and almost all endpoints requires an authorize attributes. Exceptions are endpoints like request for sign up, login and forgot password. So I want to set the attribute globally on all controllers and their endpoints and those that are don't need authorization, I will exclude them with allowAnonymous attribute.
I got this part working with the following code code:
and this works fine for my API endpoints. Unfortunately, this works too well because it somehow prevents me to get to the umbraco back office (or breaks it). When I try to navigate to domain/umbraco I get errors in my console.log:
I tried to exclude the umbraco/backoffice route by adding it to the Routes.Ignore (see the commented line in my code fragment) but that didn't do the trick either.
How do I add the memberAuthorizeAttribute to the filter without breaking my backoffice?
Hi Cornelis,
What about this solution - https://our.umbraco.com/forum/umbraco-8/98388-custom-routes-break-umbraco-backoffice
Hello Alex,
I haven't checked your solution yet but perhaps I will in the future. For now, I used a work around where I created my own base class which extends the UmbracoApiController class and on my base class I apply the MemberAuthorize attribute.
is working on a reply...