Disable Authorization for SmartConnector EndPoint

sesa237670_brid · ‎2018-08-22

Hi Jeff,

Is it possible to allow to Invoke a method(Get) from SmartConnector Restprovider class without authentication step?

For Example:

http://127.0.0.1:8095/TestScript1

Invoking the above URL should give me response back from the Get method as "TEST DATA VALUES". However, I get following response:

<Error>

<Message>Authorization has been denied for this request.</Message>

</Error>

Please advise.

Thanks!

Neeraj Tomar

JeffBowman · ‎2018-08-23

Hi Neeraj,

It is not possible to disable Authentication on the whole endpoint, as this behavior is deeply embedded into the REST infrastructure of Smart Connector intentionally to make sure people will only disable authentication if they really really need to.

However, while its not possible to remove authentication on a whole endpoint, it is possible to make specific actions not require authentication.

To do this:

Make sure your controller class has the [Authorize] attribute on it.
On your action that you don't wan't to have authenticated, add the [AllowAnonymous] attribute.

After adding the above, it should now be possible to enact the action without authentication HOWEVER!!! On requests that are anonymous, the RestProvider itself (e.g. this.Provider on your controller class) will be null. This is because, the Provider is instantiated during authentication of each request, and since you are not authenticating it is never instantiated. To work around this, you simply need to move any code that would be in the provider class, to the controller class instead. This also means that if you need some data from your HttpConfiguration (which is available in the provider), you will likely need to save settings to the in-memory cache on start up to access from the controller later.

Regards,

-Jeff

See Answer In Context

JeffBowman · ‎2018-08-23

Hi Neeraj,

It is not possible to disable Authentication on the whole endpoint, as this behavior is deeply embedded into the REST infrastructure of Smart Connector intentionally to make sure people will only disable authentication if they really really need to.

However, while its not possible to remove authentication on a whole endpoint, it is possible to make specific actions not require authentication.

To do this:

Make sure your controller class has the [Authorize] attribute on it.
On your action that you don't wan't to have authenticated, add the [AllowAnonymous] attribute.

After adding the above, it should now be possible to enact the action without authentication HOWEVER!!! On requests that are anonymous, the RestProvider itself (e.g. this.Provider on your controller class) will be null. This is because, the Provider is instantiated during authentication of each request, and since you are not authenticating it is never instantiated. To work around this, you simply need to move any code that would be in the provider class, to the controller class instead. This also means that if you need some data from your HttpConfiguration (which is available in the provider), you will likely need to save settings to the in-memory cache on start up to access from the controller later.

Regards,

-Jeff