I have a piece of code that I only want to run when it's called from the Umbraco backoffice and not when the call is coming from the frontend of the website.
Is there a way to determine whether the call is coming from the backoffice? How do I do this?
Probably the easiest way to ensure your controller is secured for only backoffice users is to inherit from Umbraco.Cms.Web.BackOffice.Controllers.UmbracoAuthorizedApiController. This is essentially the same as applying [Authorize(Policy = AuthorizationPolicies.BackOfficeAccess)]
Adding this sort of authorization check should help get started on filtering out when the code should run. I'd suggest that you have different method signatures (etc…) for front-end calls if they need to be anonymous or using membership auth. holler if there are more specific here - cheers!
It is important to know that this only works if the controller is routed to /umbraco/backoffice/*.
This is not the case for this project, therefor the attribute is not working.
I don't want the whole controller to be authorized, so I can't change it to AuthorizedApiController.
Isn't there a simple property related to the UmbContext? Like the IsPreviewMode.
Determine if call comes from Umbraco backoffice or not
Hi,
I'm using Umbraco Cloud version 13.2.0
I have a piece of code that I only want to run when it's called from the Umbraco backoffice and not when the call is coming from the frontend of the website.
Is there a way to determine whether the call is coming from the backoffice? How do I do this?
Authorizing for the backoffice documentation is here: https://docs.umbraco.com/umbraco-cms/reference/routing/umbraco-api-controllers/authorization
Adding this sort of authorization check should help get started on filtering out when the code should run. I'd suggest that you have different method signatures (etc…) for front-end calls if they need to be anonymous or using membership auth. holler if there are more specific here - cheers!
From the documentation you sent:
This is not the case for this project, therefor the attribute is not working. I don't want the whole controller to be authorized, so I can't change it to AuthorizedApiController.
Isn't there a simple property related to the UmbContext? Like the IsPreviewMode.
is working on a reply...