Getting AccessDenied for Content API requests

Hello guys,

I have this strange situation and am not sure what exactly is happening.

I have a Content API which makes use of OAuth. We have visitor groups set up in the application based on incoming claims. Everything is fine as long as I have the Authenticated option checked in permissions.

If I remove the Authenticated option and apply the visitor groups on the page, I start getting access denied. This is what I have in the config file:

<add name="contentapiread" type="EPiServer.Security.MappedRole, EPiServer.Framework" roles="Authenticated" mode="Any" />

Below is the code setup.

=====================

context.Services.Configure<ContentApiConfiguration>(config =>
{
    config.Default(RestVersion.Version_2_0)
        .SetIncludeNullValues(false)
        .SetMinimumRoles(string.Empty);
});

=====================

I have also verified that the right claims are coming back for the visitor group to apply, because the same thing works directly in the application. The issue seems to occur only when trying to fetch a page through the Content API.

Any input is much appreciated.

#228380
Sep 24, 2020 16:37
I eventually found that the config forces the Authenticated role to be mandatory on content for it to be accessed.

<add name="contentapiread" type="EPiServer.Security.MappedRole, EPiServer.Framework" roles="Authenticated" mode="Any" />

SetRequiredRoles(null) was the solution to get it working. Just in case anyone needs it.

#228867
Oct 04, 2020 15:10
This topic was created over six months ago and has been resolved. If you have a similar question, please create a new topic and refer to this one.