Closed minhdn2 closed 3 months ago
Have you made your own controller, or are you using the GraphQL endpoint?
You can secure your controller as we do for the ContentApiController https://github.com/OrchardCMS/OrchardCore/blob/dev/src/OrchardCore.Modules/OrchardCore.Contents/Controllers/ApiController.cs
[Route("api/content")]
[ApiController]
[Authorize(AuthenticationSchemes = "Api"), IgnoreAntiforgeryToken, AllowAnonymous]
And you can then enable the OpenID module to provide authentication tokens, and the IAuthorizationService to check for permissions
And you can then enable the OpenID module to provide authentication tokens
We need a guide for that
@deanmarcussen It doesn't work
[Authorize(AuthenticationSchemes = "Api"), IgnoreAntiforgeryToken]
Is manual checking via IAuthorizationService required? In the simple scenario above, I just want to check if the user is logged in or not.
@hung-doan you manually check IAuthorizationService to authorize against resources, i.e. content items, for the correct permissions (or other alternate permissions you might have / be using).
So for your simple scenario possibly not required, but still recommended.
Regardless it shouldn't stop it working.
Would need to understand what "doesn't work" means to help further.
Thanks, @deanmarcussen, I managed to make it work. I didn't enable "OpenID Token Validation", so it didn't work.
To authorize a custom API we must
Where:
You need to enable this module to issue a token from OpenID Connect flows.
Without this module, you can issue a token from OpenID, however we can't use the returned token to do the authorization.
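Added example, not part of the original thread or the Orchard Core code base: a minimal controller for a custom module that combines the attributes quoted above with the manual IAuthorizationService check discussed in the replies. The namespace, route, controller name and the ReadOrders permission are hypothetical, and it assumes the OpenID features named in the thread are enabled.

```csharp
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;
using OrchardCore.Security.Permissions;

namespace MyModule.Controllers // hypothetical module namespace
{
    [Route("api/mymodule")] // hypothetical route
    [ApiController]
    // Per the thread: tokens presented to the "Api" scheme are only accepted
    // once the "OpenID Token Validation" feature is enabled.
    [Authorize(AuthenticationSchemes = "Api"), IgnoreAntiforgeryToken]
    public class OrdersApiController : ControllerBase
    {
        // Hypothetical permission. To be assignable to roles it must also be
        // returned by an IPermissionProvider registered in the module.
        public static readonly Permission ReadOrders =
            new Permission("ReadOrders", "Read orders through the API");

        private readonly IAuthorizationService _authorizationService;

        public OrdersApiController(IAuthorizationService authorizationService)
        {
            _authorizationService = authorizationService;
        }

        // Simple scenario from the thread: "is the caller logged in?"
        // [Authorize] has already rejected anonymous requests with a 401.
        [HttpGet("whoami")]
        public IActionResult WhoAmI()
        {
            return Ok(new { name = User.Identity?.Name });
        }

        // Recommended scenario: also check a permission before returning data.
        [HttpGet("orders")]
        public async Task<IActionResult> GetOrders()
        {
            // Orchard Core extension overload taking a Permission.
            if (!await _authorizationService.AuthorizeAsync(User, ReadOrders))
            {
                return Forbid("Api"); // authenticated but not permitted: 403
            }

            return Ok(new[] { "order-1", "order-2" }); // constructed sample data
        }
    }
}
```

A request without a bearer token should get a 401 from both actions; a valid token whose user lacks the permission should get a 403 from `orders` only.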
Would you mind adding some documentation based on your findings?
Looks like we now have proper documentation in place for the OpenID module so closing 😃
Hello,
I was able to create an API module inside my Orchard Core CMS and now it is not secured. Could anyone please help to advise on how I can secure it correctly in Orchard Core?
Could you please help to advise on where the authentication method for Bearer token for this API is stored in the Orchard Core source code also?
Many thanks in advance.