Copied to clipboard

Flag this post as spam?

This post will be reported to the moderators as potential spam to be looked at


  • Fiona 16 posts 197 karma points
    Mar 21, 2024 @ 11:01
    Fiona
    0

    Determine if call comes from Umbraco backoffice or not

    Hi,

    I'm using Umbraco Cloud version 13.2.0

    I have a piece of code that I only want to run when it's called from the Umbraco backoffice and not when the call is coming from the frontend of the website.

    Is there a way to determine whether the call is coming from the backoffice? How do I do this?

  • Damian 65 posts 388 karma points
    Mar 21, 2024 @ 14:19
    Damian
    0

    Probably the easiest way to ensure your controller is secured for only backoffice users is to inherit from Umbraco.Cms.Web.BackOffice.Controllers.UmbracoAuthorizedApiController. This is essentially the same as applying [Authorize(Policy = AuthorizationPolicies.BackOfficeAccess)]

    Authorizing for the backoffice documentation is here: https://docs.umbraco.com/umbraco-cms/reference/routing/umbraco-api-controllers/authorization

    Adding this sort of authorization check should help get started on filtering out when the code should run. I'd suggest that you have different method signatures (etc…) for front-end calls if they need to be anonymous or using membership auth. holler if there are more specific here - cheers!

  • Fiona 16 posts 197 karma points
    Mar 21, 2024 @ 15:29
    Fiona
    0

    From the documentation you sent:

    It is important to know that this only works if the controller is routed to /umbraco/backoffice/*.

    This is not the case for this project, therefor the attribute is not working. I don't want the whole controller to be authorized, so I can't change it to AuthorizedApiController.

    Isn't there a simple property related to the UmbContext? Like the IsPreviewMode.

Please Sign in or register to post replies

Write your reply to:

Draft