Claims based login for resftul api

Posted by Community Admin on 05-Aug-2018 20:29

Claims based login for resftul api

Sitefinity - Ideas & Feature Requests

All Replies

Posted by Community Admin on 15-Mar-2012 00:00

I'd like to see an expansion on this post http://www.sitefinity.com/blogs/svetlayankova/posts/11-11-01/getting_started_with_restful_services_in_sitefinity.aspx using the new claims based authentication

Posted by Community Admin on 20-Mar-2012 00:00

Hi Kristian,

Thank you for your suggestion!

We'll try to have this rolled out by the end of the week.

All the best,
Svetla
the Telerik team

Do you want to have your say in the Sitefinity development roadmap? Do you want to know when a feature you requested is added or when a bug fixed? Explore the Telerik Public Issue Tracking system and vote to affect the priority of the items

Posted by Community Admin on 08-Jun-2012 00:00

Any word on this information being released?  There is a similar thread that went unanswered as well.  Thanks.

cli

Posted by Community Admin on 12-Jun-2012 00:00

Hi Kristian and Charles,

Attached is a code sample that accomplishes the task. 

A quick run-through of the sample:

  • The Helpers folder contains wrappers for both authentication modes (forms and claims) illustrating login, logout and different other htttp requests. 
  • The Model folder contains automatically generated classes for the different objects in Sitefinity. I generate these classes using json2csharp from the json that Sitefinity itself passes to the services. I do simple inspection through Fiddler, Firebug or Chrome tools to check the payload and the different headers of each request that I want to replicate.
  • The UI is simply tied to this functionality, in this particular sample I fetch the orders and create a product programatically. The dropdown toggles between authentication modes.

My idea is to create a universal and shippable wrapper library for .NET based RESTful clients and as such this sample can mature a lot more. Any feedback is highly appreciated!

All the best,
Svetla
the Telerik team
Do you want to have your say in the Sitefinity development roadmap? Do you want to know when a feature you requested is added or when a bug fixed? Explore the Telerik Public Issue Tracking system and vote to affect the priority of the items

Posted by Community Admin on 14-Jun-2012 00:00

Thank you for the detailed response!  I know a lot of other people will find this extremely helpful as well.  I think this should be part of the official documentation in some form whether it's the exact sample or an outline of the necessary steps.  It's essential to fully leverage the restful api services.

I'm integrating the code now and will report my findings.  Thanks again.

Posted by Community Admin on 14-Jun-2012 00:00

Again, this is a great start.  However, it does not provide a mechanism to log yourself out if you're logged in a different session.  This happens to me often while testing different browsers if I forget to log off.  There isn't sample code in the forums on how to do this programmatically server side.  You can use sitefinity's own self sign out page but many people want to do this automatically to bypass it.  My current workaround is to edit the database table directly which I know is not recommended.  Can this even be done with the provided restful api?

Posted by Community Admin on 14-Jun-2012 00:00

I have a code snippet that automatically logs the user out, then logs the user in. I think this solution can be modified to assist you with the functionality you are looking for.

var currentUser = SecurityManager.AuthenticateUser(System.Web.Security.Membership.Provider.Name, username, pwd, rememberMe);
if (currentUser == UserLoggingReason.UserAlreadyLoggedIn)
    SecurityManager.Logout();
    currentUser = SecurityManager.AuthenticateUser(Membership.Provider.Name, username, pwd, rememberMe);

Posted by Community Admin on 04-Sep-2012 00:00

I'm trying to get this working with 5.1 and the same application suffers the same fate as my homegrown solution.  Both are able to authenticate and get a token but then they fail to authorize on subsequent calls.  

When I run this sample against my 5.1 installation it gets logged in, but upon clicking "List Data" the call to the SF API gets a 401.

How does one correctly create an HTTP GET with the token provided?

EDIT: I've found that the token was UrlEncoded 2x, so decoding it once left me with a valid token.  I'm using HttpClient in my example.

This thread is closed