Anonymous call to REST / web service?
I am trying to write a function in pure Javascript that will consume images in an album and display them somewhere else. Is this possible, or do I have to authenticate somewhere?
I was under the impression that the REST / web services obey the permissions set in Sitefinity, but I get an error doing this:
http://mydomain.com/Sitefinity/Services/Content/ImageService.svc/parent/4361489b-b776-4501-9999-ae941c73e546/
The error I get is:
"Detail":"..::login|session|expired::..\/Sitefinity\/Login\/Ajax"
But the anonymous permission for the album/image view is granted. Can you please some light on REST security? Thanks.
Hello Basem,
You should grant view permissions to the annonymous users or to the user you use, otherwise you need to authenticate a user through Telerik.Sitefinity.Security.Web.Services.Users service and then make another call to get the data.
Best wishes,
Ivan Dimitrov
the Telerik team
I tried this, but no luck. I thought the "Everyone" role would handle this, but I went ahead and added "Anonymous" and "Authenticated" to "View images" and "View this album" (screenshot attached). Without being logged in, I tried calling this URL:
http://mydomain.com/Sitefinity/Services/Content/ImageService.svc/parent/4361489b-b776-4501-9999-ae941c73e546/
But I still get this error:
"Detail":"..::login|session|expired::..\/Sitefinity\/Login\/Ajax"
Is anonymous calls not the intended use for REST services? If so, I can change my approach to server side to stick within guidelines. Thanks.
Hello Basem,
It turned out that you cannot call the service if the user is not authenticated. We check for the current user and whether this is authenticated by using ServiceUtility.RequestAuthentication();. So there should be a valid user in the context.
Regards,
Ivan Dimitrov
the Telerik team
Thanks for the confirmation. May I suggest that client-side code should not have to authenticate if it is within the same domain origin? Such as, why should client-side scripts have to authenticate for publicly accessible content if the call is coming from my-sitefinity-site.com/somepage. I could understand if some-random-site.com/test.html is trying to make the call.. but even in that case they should be able to authenticate using an app id or something for publicly accessible content. Just my 2 cents :) Thanks again.
Hello Basem,
Yes, this is something that we are going to implement in Q2/Q3.
Kind regards,
Ivan Dimitrov
the Telerik team
Hi Basem / Support,
Is there any documentation or example on how to authenticate a user by using the REST service?
I want to authenticate a user to make use of the webservices. I'm calling them from a javascript app and an iOS app.
Thanks,
Daniel
Hello,
There is a method of the Users service - AuthenticateUser that you can use
AuthenticateUser(Credentials credentials) - returns UserLoggingReason
Method = "POST", ResponseFormat = WebMessageFormat.Json)]
Comment = "Sets authentication cookies to the current request if the provided credentials are valid.")]
Greetings,
Ivan Dimitrov
the Telerik team
Hi Ivan,
When navigating to this service, I'm getting the following message:
"Detail":"..::login|session|expired::..\/Sitefinity\/Login\/Ajax"Hi,
Have you passed the credentials to it?
Greetings,
Ivan Dimitrov
the Telerik team
No, I tried to access the /help file. But I'll try this first.
Thanks,
Daniel
@Daniel
Did you get this to work?
I am having the same issue
Hi,
Hi Daniel,
I happened to read the post that you had about trying to access the authenticate webservice from javascript. were you able to make that call. If so do you happen to have the sample code for that? I am tring to do the same and am not successfull.
Any guidence appreciated.
Thanks
There was still issues with this so I ended up wrapping the Sitefinity requests with WebAPI:
blog.falafel.com/.../using-asp.net-web-api-for-sitefinity-rest-services
It would be cool if this was a priority to fix...like we have this cool tool in Icenium, but no way to get to our SF data through it.
Did anyone get a solution for this? Still struggling with getting Javascript to pull in some data anonymously on the client.
No, you have to roll your own...but on the plus side you can use servicestack to impliment and it's a billion times faster than the native wcf services...
(Servicestack is included in Sitefinity, all new services use it, they haven't migrated old ones yet)
Thanks Steve. I'll take a look at it. Shame it was never implemented though -1 for sitefinity :(
We ended up creating an SDK for Sitefinity that also includes web services out of the box: Babaganoush SDK
Thank for sharing.