Worst? Create a back office user with permission only to read, and then add an endpoint to generate a token for each new session. I don't think this would work because it would invalidate the other tokens
Ok, I've done a bit of investigation in the source code of Umbraco REST API and it looks like it's limited to backoffice-user auth by design.
It's no problem, but it would be a shame to write some custom solution because Umbraco REST API does everything I need it to do, just not this one thing! :-)
I investigated how easy it would be to modify the source code of Umbraco REST api but I'm seeing lots of hard-coded [UmbracoAuthorize] attributes etc...
So my current thinking now is to try and subclass one of the Umbraco REST api controllers, possibly UmbracoHalController or ContentController, with my own web API controller, but I would really appreciate some feedback on this idea before I start trying to properly reason about it (and perhaps find out it's a dead end)
I'd really appreciate it if somebody from HQ or somebody else with experience could provide some feedback here.
I'm updating the topic for people finding this from Google. I've also been updating a Github issue here just in case.
I'm pursuing the idea of subclassing one of the controllers from UmbracoRestApi, but I don't think it's going to be possible to register the routes for my subclassed UmbracoHalController propely because the custom extension method which the library uses to register the routes is marked as internal to the assembly; I can't access it.
Configure anonymous authentication in Umbraco REST api
Hi,
I'm using the Umbraco REST api as a backend for a React single-page app.
Following the docs I have token authentication set up for my backoffice users.
Problem
I need anonymous authentication for content reads only through the api, because the single page app will be public-facing for content reads.
Possible solutions:
Ok, I've done a bit of investigation in the source code of Umbraco REST API and it looks like it's limited to backoffice-user auth by design.
It's no problem, but it would be a shame to write some custom solution because Umbraco REST API does everything I need it to do, just not this one thing! :-)
I investigated how easy it would be to modify the source code of Umbraco REST api but I'm seeing lots of hard-coded
[UmbracoAuthorize]attributes etc...So my current thinking now is to try and subclass one of the Umbraco REST api controllers, possibly UmbracoHalController or ContentController, with my own web API controller, but I would really appreciate some feedback on this idea before I start trying to properly reason about it (and perhaps find out it's a dead end)
I'd really appreciate it if somebody from HQ or somebody else with experience could provide some feedback here.
Cheers,
Gary
I'm updating the topic for people finding this from Google. I've also been updating a Github issue here just in case.
I'm pursuing the idea of subclassing one of the controllers from UmbracoRestApi, but I don't think it's going to be possible to register the routes for my subclassed UmbracoHalController propely because the custom extension method which the library uses to register the routes is marked as internal to the assembly; I can't access it.
is working on a reply...