I would like to demonstrate how to create Sitecore WebAPI based custom service and utilize native Sitecore/.NET security mechanism. The ServicesApiController is part of Sitecore.Services.Infrastructure.dll and it implements .NET ApiController. Usage of ServicesApiController ensures continuation of Sitecore global item security policies and individual filters that can have individual requirements. My goal is to create stateless WebAPI based service in Sitecore with authentication and authorization against Sitecore Security.

Project Configuration

  • Create custom controller

  • Custom Authentication/Authorization Filter (Known issue:  IsAuthenticated set to false for stateless auth, please click here for more details)

  • Custom patch  config File (App_Config/include/zzzzz_WeAPITest.config)

 

  • Update to App_Config/ConnectionStrings.config file (please do not use default token)

Testing with Postman

  • make a call to https://HOST/sitecore/api/ssc/auth/login
  • get token form response

request/response:

  • compile request to custom endpoint