Copied to clipboard

Flag this post as spam?

This post will be reported to the moderators as potential spam to be looked at


  • Gary Cheetham 20 posts 144 karma points
    Jan 16, 2017 @ 12:43
    Gary Cheetham
    0

    Configure anonymous authentication in Umbraco REST api

    Hi,

    I'm using the Umbraco REST api as a backend for a React single-page app.

    Following the docs I have token authentication set up for my backoffice users.

    Problem

    I need anonymous authentication for content reads only through the api, because the single page app will be public-facing for content reads.

    Possible solutions:

    • Best? Write authentication provider (I need docs/source code)
    • Worst? Create a back office user with permission only to read, and then add an endpoint to generate a token for each new session. I don't think this would work because it would invalidate the other tokens
  • Gary Cheetham 20 posts 144 karma points
    Jan 16, 2017 @ 14:02
    Gary Cheetham
    1

    Ok, I've done a bit of investigation in the source code of Umbraco REST API and it looks like it's limited to backoffice-user auth by design.

    It's no problem, but it would be a shame to write some custom solution because Umbraco REST API does everything I need it to do, just not this one thing! :-)

    I investigated how easy it would be to modify the source code of Umbraco REST api but I'm seeing lots of hard-coded [UmbracoAuthorize] attributes etc...

    So my current thinking now is to try and subclass one of the Umbraco REST api controllers, possibly UmbracoHalController or ContentController, with my own web API controller, but I would really appreciate some feedback on this idea before I start trying to properly reason about it (and perhaps find out it's a dead end)

    I'd really appreciate it if somebody from HQ or somebody else with experience could provide some feedback here.

    Cheers,

    Gary

  • Gary Cheetham 20 posts 144 karma points
    Jan 16, 2017 @ 17:39
    Gary Cheetham
    0

    I'm updating the topic for people finding this from Google. I've also been updating a Github issue here just in case.

    I'm pursuing the idea of subclassing one of the controllers from UmbracoRestApi, but I don't think it's going to be possible to register the routes for my subclassed UmbracoHalController propely because the custom extension method which the library uses to register the routes is marked as internal to the assembly; I can't access it.

Please Sign in or register to post replies

Write your reply to:

Draft