As I guess, you got error at 

var result = client.GetAsync("/episerverapi/commerce/catalogs").Result.Content.ReadAsStringAsync().Result;

Could you show me the exception message?

Hi Son Do,

With admin user (default user): I can't get token.

With the windowmembership: I get token, but can't get catalog

result message: "\"User is not authorized for this request\"" is error message. I had check user/password. it's WebAdmins user.

Thanks.

Hi Sy,

Your information was not enough for me find out the issue, it's too generic. Could you show me more detail on this line:

var response = client.PostAsync("/episerverapi/token", new FormUrlEncodedContent(fields)).Result;

What is result of this request?

Hi Son Do,

PostAsync request return HttpStatusCode.OK. I can get token successfully:

token value: {FHh06o7k8qDCh1b5UiaP4W5QCjQ55nz4MdFjX-ToGK11IsWaxzVTEyp9mueQogrtVQOInyqsFYDnAwoBut0SXVuzrCf8z148yNenfgwYxe-pMpIsyLlvxXNyeoAVr9tyDzCAYM2fOgbOuRIP_DEnCL_tSE6U-WU4zLAs3gAUCuTARGKxqlPepk71wjo7CfF41WFK2J3Wm54KbfH19BT5c29dH6aK5ciWVPkZ1fJS6tsK06luALyDPTD_B9-N69ihdiKZ-PHDEVg5ayjanyd-mYEt-CacBU0wLoKBQy5BS-HIULoCm73D6wxYxwv2HzH4}

I user this token to get catalog:

                client.BaseAddress = new Uri("https://mysite/");
                client.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", token.ToString());
                if(bIsXMLOutput)
                {
                    client.DefaultRequestHeaders.Accept.Add(new MediaTypeWithQualityHeaderValue("text/xml"));
                }
                var result = client.GetAsync("/episerverapi/commerce/catalogs").Result.Content.ReadAsStringAsync().Result;

request is not success. \"User is not authorized for this request\" Error only on Episerver10

Regards,

Sy

Hi Sy,

It's strange. I'm comparing your code and service client code on GitHub but they are the same.

Could you show me your package.config, I want to build environment to issue you got.

Regards,

/Son Do

Hi Son Do,

I think there is not true on my setting up step.

Today i setup latest commerce. (VS2015, CMS 10.3.1, Commerce 10.2.2)

Duplicated step:

- Setup CMS site(Alloy site).

- Setup Commerce in CMS site.

- Setup EPiServer.ServiceApi.Commerce.

Add to web.config:

<add key="owin:AutomaticAppStartup" value="true" />
<add key="owin:AppStartup" value="eCommerce10.Startup" />

Add newuser: sy.nguyen WebAdmins group

Get token: {StatusCode: 400, ReasonPhrase: 'Bad Request'}

                client.BaseAddress = new Uri("https://ecom4.dev.nis:433/");
                var fields = new Dictionary<string, string>
                {
                    { "grant_type", "password" },
                    { "username", "sy.nguyen" },
                    { "password", "abc@54321" }
                };
                try
                {
                    var response = client.PostAsync("/episerverapi/token", new FormUrlEncodedContent(fields)).Result;
                    if (response.StatusCode == HttpStatusCode.OK)
                    {
                        var content = response.Content.ReadAsStringAsync().Result;
                        token = Newtonsoft.Json.Linq.JObject.Parse(content).GetValue("access_token");
                    }

                }
                catch (Exception ex)
                {
                    MessageBox.Show(ex.Message);
                }

I think having some change in episerver10. Thanks advance.

Sy

Hi Sy,

You are using latest cms and service api, so we're having a bug about authentication with service api:

The returned result is not in json format,  so parsing json causes error.

I hope we could fix it and release in cms package soon. 

Thank for your patience. 

/Son Do 

P/s: please send me your contact, I will call you when I have information about the fix. 

Hi Son Do,

my email: sy.nguyen@niteco.se

I am updating my addon to episerver 10. Call me when u had new version without this isssue.

Regards,

Sy

Hi Son Do,

*** Chúc Mừng Năm Mới ***

Come back after Tet holiday with lastest episerver version. Old issue is still persist. :) Episerver has plan to fix it?

Regards,

Sy

Hi Sy,

We had plan fixing this issue and will be released soon.  I will mail to you when it out.

Thanks for your patience.

/Son Do

Hi Sy,

I’m happy to announce that Episerver.ServiceApi 3.0 was released.

This document describes breaking change: http://world.episerver.com/documentation/upgrading/episerver-service-api/service-api-3/

And this describes how to install it to your project http://world.episerver.com/documentation/upgrading/episerver-service-api/service-api-3/installation-and-configuration/

Thanks again for your patience!

/Son Do

I'm using the version 3. But I still get "User is not authorized for this request" when I'm trying to access https://localhost/episerverapi/commerce/catalogs.

I'm using Basic authentication and using the Admin user and pwd.

I just decide the try access "/commerce/catalogs" to test, because my focus is /episerverapi/token but it in this moment is returning {

{
"error": "unsupported_grant_type"
}

Can someone help me?

Hi Anderson,

If you use ASP.NET Membership, you need to add those code below to Startup file: 

app.UseServiceApiMembershipTokenAuthorization();

If you use AspNetIdentity, adding this

app.AddCmsAspNetIdentity<ApplicationUser>();

Refer to section "Configuring OWIN startup" in this document, http://world.episerver.com/documentation/upgrading/episerver-service-api/service-api-3/installation-and-configuration/

And if you're in develop environment (without SSL), you need this 

<add key="episerver:serviceapi:requiressl" value="false" />

Could you told us that the membership type you're using? And you could  use this tool https://github.com/episerver/ServiceApi-Client to verify your service api.

Thank you @Son Do. 

Adding this code on my startup.cs

app.UseServiceApiMembershipTokenAuthorization(new ServiceApiTokenAuthorizationOptions
{
           AccessTokenExpireTimeSpan = TimeSpan.FromMinutes(60)
});

Make my login work very well. 

But, doesn't matter which method I try to call from the API I get the same error: "User is not authorized for this request"

I checked my permission table and my user has permission for Read and Write.

It is possible test the calls from POSTMAN? How can I define the token?

Yes, it is possible using Postman to test your service api.

After getting token using http://domain.com/episerverapi/token, you will get a token for next request.

Using this token with 'bearer' prefix, you will get result.

Hope this helps!

/Son Do

This was exactly what I have tried. But the retorn from the API is the same.

do you have any another ideia?

You say your user has read access and write access. Do you mean the Permissions 'ReadAccess' and 'WriteAccess' to the GroupName 'EPiServerServiceApi' (correct case is important) in the tblUserPermission table in the CMS database? Are they set specifically for the user or for a role the user is in? In any case, is the IsRole column correct?

Thank you, Magnus

I'm using Admin to login in. 

3	Administrators	1	ReadAccess	EPiServerServiceApi
2	Administrators	1	WriteAccess	EPiServerServiceApi

Also, I did SQL Profiler. 

When the code executes this command:

the list returned is:

• Administrators
• ApiUsers
• Everyone
• Management Users
• Order Managers
• Order Supervisor
• Receiving Manager
• Registered
• Shipping Manager
• WebAdmins
• WebEditors
• EPiServerServiceApi

and this is my startup class:

app.AddCmsAspNetIdentity<ApplicationUser>();

            // Enable bearer token authentication using Membership for Service Api
            app.UseServiceApiMembershipTokenAuthorization();

I have no more ideas how to fix it.

Look like we don't need 

app.AddCmsAspNetIdentity<ApplicationUser>();

I understood Son, I already removed it. but I still with the problem, I opened a tick with episerver to investigation. 

It looks like parts of the sql profiler info was lost. With the permissions table set up like this, the key is really that true is returned from a principal.IsInRole("Administrators") call (where principal is the authenticated user you use). Can you verify this somehow (e.g. log in manually to the site with the same user account and put a call to PrincipalInfo.CurrentPrincipal.IsInRole("Administrators"))?

Thank you guys. 

I found the issue. In the version 2.0 I got the recommendation to implement in a different Domain. In the version 3.0 It must be implemented on the CMS.

I just was able to figure out this when I started to decompile the Episerver DLLS.

I'm sorry, I don't understand what you mean by different URL vs on the CMS. Could you elaborate? What did you find by decompiling? Understanding the issue better can help us help others in the future. Thank you!

Son Do,

I setup latest version episerver 10.

Setup 3.0 serviceAPI.

I can get token: {XnSx1YawazzL_TuhqONyEVNB7fOhIbSEnIhK9ye0CXU7ZnsOYTx9J0_Bisok-E4hUbom2mu8i5qBbUxxD8QvJGriH2SRPxjRTKxr7jzGaaahDzQrs_A-pDkyQA8ev49LK3TYapyyOvfuKWCY1Uv4b2FA-GAVKPOhmHu9LCFzqump2WcqH1DvWx2EBx3hX-QihiTdBfyFzYhlNDmo0e6U9kgEER2eSG5YVOJsufaJGxmt27ovoKbitB-iDaN5SMl2kadraG185O2vJ-olo-zo243jFEF1ravv6luSE3nq7omQxDVB_rQh-zKNd6ft7mPClwQpLl_mX54YWrPpy1c2fFwGXx_xh_b5WSLRxl3rQYPfeNlbVjeUPmPH7FN_0FOZKPo7d9NUGEe-RvT2nEoqDyosoAOh0zTSZtUWdQOobBM-yQTYJM-hkFVdHlR9yt7C4fcBeDrUOC1_CVBBr8TJfw3AktVhmYTSTTSt2-XaO4MzdtwfHnzHCTlaNb4IJoNX9YD1tFZ2sqeXqwucnfaz2A}

using token to get /episerverapi/commerce/catalogs to get catalog is not success:

result: error code 500, ReasonPhrase: 'Internal Server Error'

"{\"Message\":\"An error has occurred.\",\"ExceptionMessage\":\"Sequence contains more than one element\",\"ExceptionType\":\"System.InvalidOperationException\",\"StackTrace\":\"   at System.Linq.Enumerable.SingleOrDefault[TSource](IEnumerable`1 source)\\r\\n   at Microsoft.Owin.Security.AuthenticationManager.<AuthenticateAsync>d__8.MoveNext()\\r\\n--- End of stack trace from previous location where exception was thrown ---\\r\\n   at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)\\r\\n   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)\\r\\n   at System.Web.Http.HostAuthenticationFilter.<AuthenticateAsync>d__0.MoveNext()\\r\\n--- End of stack trace from previous location where exception was thrown ---\\r\\n   at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)\\r\\n   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)\\r\\n   at System.Web.Http.Controllers.AuthenticationFilterResult.<ExecuteAsync>d__0.MoveNext()\\r\\n--- End of stack trace from previous location where exception was thrown ---\\r\\n   at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)\\r\\n   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)\\r\\n   at System.Web.Http.Dispatcher.HttpControllerDispatcher.<SendAsync>d__1.MoveNext()\"}"

May you show me any clue with this issue. Thanks a lot.

 Regards,

Sy

Hi Sy,

Have you got any special catalog in your site?

I tried to install service api in Quicksilver site and request this /episerverapi/commerce/catalogs, this is the result I got:

If you did extend with your own implementation, I suggest that you could submit a support ticket to support team, send them your code for investigate, I think you will get better solution.

P/s: Sorry for late feedback for this thread.

/Son Do

anyone, who checked out sourecoure of QuickSilver with latest version("QuickSilver release version 10.7.1" by Ba Luu on 6/6/2017) & install EPiServer.ServiceApi.Commerce then can get token successfully ? remember that checkout to have the new sourcecode & new site without any cache.

I tried to check out & install EPiServer.ServiceApi.Commerce Version 3.0.1 but can't get token by sourcecode testing as below:

client.BaseAddress = new Uri("https://mysite/");
                var fields = new Dictionary<string, string>
                {
                    { "grant_type", "password" },
                    { "username", "myuser" },
                    { "password", "mypassword" }
                };
                try
                {
                    var response = client.PostAsync("/episerverapi/token", new FormUrlEncodedContent(fields)).Result;
                    if (response.StatusCode == HttpStatusCode.OK)

{........}

StatusCode always return Badrequest.

remember to check out a new sourcecode & buid a new site, not pull to current sourcecode to avoid cache.

PS: of course I checked the ServiceApi installed successully by access https://mysite/EPiServerApi/version & https://mysite/EPiServerApi/Token from browser

Thanks

When I had this problem was because I had ServiceApi installed at the same host. in Your case "https://mysite/", I created a new Host "https://serviceApi" and this I added the service API.

haha,

I also tried many times as you did but not lucky as you :)

This is still an issue with ServiceApi 5. (https://world.episerver.com/documentation/class-libraries/rest-apis/service-api/)

I consitently get those unauthorized messages from the service api. 

Anybody here with strong answer?

Wow you resurrected an old thread Manoj. Might be worth starting a new thread.