Anonymous call to REST / web service? - General Discussions - General Discussions - Progress Community
 General Discussions

Anonymous call to REST / web service?

  • Anonymous call to REST / web service?
  • I am trying to write a function in pure Javascript that will consume images in an album and display them somewhere else. Is this possible, or do I have to authenticate somewhere?

    I was under the impression that the REST / web services obey the permissions set in Sitefinity, but I get an error doing this:

    http://mydomain.com/Sitefinity/Services/Content/ImageService.svc/parent/4361489b-b776-4501-9999-ae941c73e546/

    The error I get is:
    "Detail":"..::login|session|expired::..\/Sitefinity\/Login\/Ajax"

    But the anonymous permission for the album/image view is granted. Can you please some light on REST security? Thanks.
  • Hello Basem,

    You should grant view permissions to the annonymous users or to the user you use, otherwise you need to authenticate a user through Telerik.Sitefinity.Security.Web.Services.Users service and then make another call to get the data.

    Best wishes,
    Ivan Dimitrov
    the Telerik team

  • 263241_album-permissions.PNG
    I tried this, but no luck. I thought the "Everyone" role would handle this, but I went ahead and added "Anonymous" and "Authenticated" to "View images" and "View this album" (screenshot attached). Without being logged in, I tried calling this URL:

    http://mydomain.com/Sitefinity/Services/Content/ImageService.svc/parent/4361489b-b776-4501-9999-ae941c73e546/

    But I still get this error:
    "Detail":"..::login|session|expired::..\/Sitefinity\/Login\/Ajax"

    Is anonymous calls not the intended use for REST services? If so, I can change my approach to server side to stick within guidelines. Thanks.
  • Hello Basem,

    It turned out that you cannot call the service if the user is not authenticated. We check for the current user and whether this is authenticated by using ServiceUtility.RequestAuthentication();.  So there should be a valid user in the context.

    Regards,
    Ivan Dimitrov
    the Telerik team

  • Thanks for the confirmation. May I suggest that client-side code should not have to authenticate if it is within the same domain origin? Such as, why should client-side scripts have to authenticate for publicly accessible content if the call is coming from my-sitefinity-site.com/somepage. I could understand if some-random-site.com/test.html is trying to make the call.. but even in that case they should be able to authenticate using an app id or something for publicly accessible content. Just my 2 cents :) Thanks again.
  • Hello Basem,

    Yes, this is something that we are going to implement in Q2/Q3.

    Kind regards,
    Ivan Dimitrov
    the Telerik team

  • Hi Basem / Support,

    Is there any documentation or example on how to authenticate a user by using the REST service?
    I want to authenticate a user to make use of the webservices. I'm calling them from a javascript app and an iOS app.

    Thanks,
    Daniel
  • Hello,

    There is a method of the Users service - AuthenticateUser that you can use

    AuthenticateUser(Credentials credentials) - returns UserLoggingReason
    Method = "POST",  ResponseFormat = WebMessageFormat.Json)]
    Comment = "Sets authentication cookies to the current request if the provided credentials are valid.")]


    Greetings,
    Ivan Dimitrov
    the Telerik team
    Do you want to have your say in the Sitefinity development roadmap? Do you want to know when a feature you requested is added or when a bug fixed? Explore the Telerik Public Issue Tracking system and vote to affect the priority of the items
  • Hi Ivan,

    When navigating to this service, I'm getting the following message:
    "Detail":"..::login|session|expired::..\/Sitefinity\/Login\/Ajax"

    So, how can we use the services, without the need to login?

    Daniel
  • Hi,

    Have you passed the credentials to it?

    Greetings,
    Ivan Dimitrov
    the Telerik team
    Do you want to have your say in the Sitefinity development roadmap? Do you want to know when a feature you requested is added or when a bug fixed? Explore the Telerik Public Issue Tracking system and vote to affect the priority of the items
  • No, I tried to access the /help file. But I'll try this first.

    Thanks,
    Daniel
  • @Daniel
    Did you get this to work?
    I am having the same issue
  • Hi,

    Please see this post http://www.sitefinity.com/devnet/forums/sitefinity/developing-with-sitefinity/sf-5-0-consuming-wcf-rest-services-from-an-external-net-app.aspx 

    Basically, the AuthenticateUser operation cannot be used anymore in SF 5.0 because it requires the user to be authenticated when performing the call ( how ironic).

    You need to send Authentication Headers as described in the link above. Then, you'll get a cookie back and you can insert this cookie for the next calls.
    Even though this link describes the code in .NET, the principle remains similar from javascript.

  • There was still issues with this so I ended up wrapping the Sitefinity requests with WebAPI:
    blog.falafel.com/.../using-asp.net-web-api-for-sitefinity-rest-services