Copied to clipboard

Flag this post as spam?

This post will be reported to the moderators as potential spam to be looked at


  • Biagio Paruolo 1583 posts 1814 karma points c-trib
    Nov 03, 2015 @ 14:58
    Biagio Paruolo
    0

    REST APIs in Umbraco: Example how to secure api call only from member login?

    Is there an example on how to call api only for authenticate member and not backoffice user?

  • Marc Goodson 2123 posts 14214 karma points MVP 8x c-trib
    Nov 04, 2015 @ 21:20
    Marc Goodson
    1

    Hi Biagio

    UmbracoApiController ?

    You can decorate the controller or action with a MemberAuthorize decoration eg:

    [MemberAuthorize(AllowType = "MemberTypeName")]
    public class MyLovelyApiController : UmbracoApiController
    

    would secure by MemberType Alias

    or

     [MemberAuthorize(AllowGroup = "MemberGrouporRole")]
    public class MyLovelyApiController : UmbracoApiController
    

    by Member Group/Role

    or

     [MemberAuthorize(AllowMembers = "member1,member2,member3")]
    public class MyLovelyApiController : UmbracoApiController
    

    would be a comma separated list of specific users...

    if that helps ?

    regards

    Marc

  • Norbert Haberl 32 posts 115 karma points
    Feb 09, 2016 @ 15:33
    Norbert Haberl
    0

    Perfect answer, do you even know if it does only work with cookies ? I would need some kind of auth for mobile apps ... without cookies.

    I couldn't find anything further regarding the MemberAuthorize attribute.

  • Marc Goodson 2123 posts 14214 karma points MVP 8x c-trib
    Feb 14, 2016 @ 00:53
    Marc Goodson
    0

    Hi Norbert

    Have a look at this article Warren Buckley wrote about using JWT tokens to secure Umbraco API controllers:

    http://creativewebspecialist.co.uk/2015/01/06/securing-umbraco-web-apis-using-json-web-tokens/

  • Biagio Paruolo 1583 posts 1814 karma points c-trib
    Jan 20, 2017 @ 15:24
    Biagio Paruolo
    0

    This a better https://github.com/warrenbuckley/Umbraco-JWT-AuthTokens starting point to create Umbraco WebAPI because it authenticate and authorize members and users. The Umbraco Rest Api pack is in stand by and AA only the users.

Please Sign in or register to post replies

Write your reply to:

Draft