Authentication
//TBD
By default, calls to Entity Services do not take the `Sitecore.Services.AllowAnonymousUser` setting into account. I registered a ticket with Sitecore Customer Services (ticket reference number 468175), and a workaround was created.

Another workaround is to write your own authorization filter: add a class that inherits from `AuthorizationFilterAttribute`, implement the check there, and register that class in the `<filters>...</filters>` section of `Sitecore.Services.Client.config`. See, for example, the class `CustomSecurityPolicyFilter` and its registration in the `zSscAuthorizationFilters.config` file, which is attached to the project.
```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Net;
using System.Net.Http;
using System.Text;
using System.Web;
using System.Web.Http.Controllers;
using System.Web.Http.Filters;

namespace Sitecore.SSC.EntityServicesExammple.Authentication
{
    // Web API authorization filter that rejects unauthenticated requests
    // to Entity Services regardless of Sitecore.Services.AllowAnonymousUser.
    public class CustomSecurityPolicyFilter : AuthorizationFilterAttribute
    {
        public override void OnAuthorization(HttpActionContext actionContext)
        {
            HttpRequestMessage request = actionContext.Request;

            // Sitecore represents an anonymous visitor as the extranet\anonymous user,
            // so check both the IsAuthenticated flag and the principal name.
            if (!actionContext.RequestContext.Principal.Identity.IsAuthenticated ||
                actionContext.RequestContext.Principal.Identity.Name.Equals(@"extranet\anonymous", StringComparison.InvariantCultureIgnoreCase))
            {
                // Setting a response short-circuits the pipeline: the controller action never runs.
                actionContext.Response = request.CreateResponse(HttpStatusCode.Forbidden);
                actionContext.Response.StatusCode = HttpStatusCode.Forbidden;
                actionContext.Response.Content = new StringContent("Authentication is required", Encoding.UTF8, "text/html");
            }
        }
    }
}
```

This filter just checks whether the current principal is `extranet\anonymous`; if so, the response is replaced with `403 Forbidden`.
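The registration file itself is not reproduced on this page, so the following is an added example of what a `zSscAuthorizationFilters.config` include patch for this filter can look like; it is not the file attached to the project. The element path `sitecore/api/services/configuration/filters` is assumed to match the `<filters>` section of the shipped `Sitecore.Services.Client.config`, and the assembly name `Sitecore.SSC.EntityServicesExammple` is assumed from the namespace above; verify both against your installation.

```xml
<?xml version="1.0" encoding="utf-8"?>
<!-- Assumed file: App_Config/Include/zSscAuthorizationFilters.config.
     The "z" prefix makes Sitecore apply this patch after Sitecore.Services.Client.config. -->
<configuration xmlns:patch="http://www.sitecore.net/xmlconfig/">
  <sitecore>
    <api>
      <services>
        <!-- Assumed: same element and type attribute as the shipped Sitecore.Services.Client.config -->
        <configuration type="Sitecore.Services.Infrastructure.Configuration.ServicesConfiguration, Sitecore.Services.Infrastructure">
          <filters>
            <!-- Appends the custom filter to the filters Sitecore already registers.
                 Assembly name is an assumption; use the name of the assembly that contains the class. -->
            <filter type="Sitecore.SSC.EntityServicesExammple.Authentication.CustomSecurityPolicyFilter, Sitecore.SSC.EntityServicesExammple" />
          </filters>
        </configuration>
      </services>
    </api>
  </sitecore>
</configuration>
```

After deploying the patch, confirm it was applied by checking the merged configuration at `/sitecore/admin/showconfig.aspx` and searching for `CustomSecurityPolicyFilter` under the `<filters>` element. Then request an Entity Services endpoint without a Sitecore session: the expected result is `403 Forbidden` with the body `Authentication is required`, while the same request with an authenticated user still reaches the controller.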