SaaS CMS has officially launched! Learn more now.

Using ContentDelivery API and ServiceAPI - Auth errors

Vote:
 

Hi,

I am using the EpiServer Service API and Content Delivery API. I want to use both Authorization, so I added the following code in my Startup.cs class.

app.UseServiceApiIdentityTokenAuthorization<ApplicationUserManager<ApplicationUser>, ApplicationUser>();
app.UseContentApiIdentityOAuthAuthorization<ApplicationUserManager<ApplicationUser>, ApplicationUser>();

If I call the Auth token endpoints to generate the Tokens both works.

POST /api/episerver/auth/token Returns OK (ContentDelivery API)

POST /episerverapi/token Returns OK (EPiServer Service API)

When I make a call to the Content Delivery Endpoint, it works, I get my data back.

BUT when I make a call to the Service API, I am getting the following exception.

{
"Message": "An error has occurred.",
"ExceptionMessage": "Sequence contains more than one element",
"ExceptionType": "System.InvalidOperationException",
"StackTrace": " at System.Linq.Enumerable.SingleOrDefault[TSource](IEnumerable`1 source)\r\n at Microsoft.Owin.Security.AuthenticationManager.<AuthenticateAsync>d__8.MoveNext()\r\n--- End of stack trace from previous location where exception was thrown ---\r\n at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()\r\n at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)\r\n at System.Web.Http.HostAuthenticationFilter.<AuthenticateAsync>d__0.MoveNext()\r\n--- End of stack trace from previous location where exception was thrown ---\r\n at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()\r\n at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)\r\n at System.Web.Http.Controllers.AuthenticationFilterResult.<ExecuteAsync>d__5.MoveNext()\r\n--- End of stack trace from previous location where exception was thrown ---\r\n at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()\r\n at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)\r\n at System.Web.Http.Controllers.ExceptionFilterResult.<ExecuteAsync>d__6.MoveNext()\r\n--- End of stack trace from previous location where exception was thrown ---\r\n at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()\r\n at System.Web.Http.Controllers.ExceptionFilterResult.<ExecuteAsync>d__6.MoveNext()\r\n--- End of stack trace from previous location where exception was thrown ---\r\n at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()\r\n at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)\r\n at System.Web.Http.Dispatcher.HttpControllerDispatcher.<SendAsync>d__15.MoveNext()"
}
I assume it is registering both Authorizations but if I remove the one or the other one then I cannot Auth one or the other's calls.
Service API requires the UseServiceApiIdentityTokenAuthorization and the Content Delivery API requires the UseContentApiIdentityOAuthAuthorization
Has anyone ever tested if BOTH APIs can work together or managed to get around this problem?

#205459
Jul 11, 2019 12:08
Vote:
 

i have the same issue.... any dev/fix on this?

Thanks

#216147
Jan 27, 2020 21:30
Vote:
 

Hi, I know it is quite a late answer, but hope that it will help other people that have the same issue.

Basically, both UseServiceApiIdentityTokenAuthorization() of ServiceApi and UseContentApiIdentityOAuthAuthorization() of ContentDeliveryApi use the OWIN OAuthAuthorizationServerProvider under the hood. So if you register both methods, OWIN will throw an exception because of duplicated OAuth provider. 

However, because ServiceApi and ContentDeliveryApi both use OWIN OAuth middleware so you really do not need to register both methods. Just use whichever method you prefer (for example: UseServiceApiIdentityTokenAuthorization()) and retrieve the token. After that, you should be able to use this token to authenticate with both ServiceApi and ContentDeliveryApi. Just make sure that your user has sufficient privileges to access both APIs.

#217062
Feb 14, 2020 10:21
* You are NOT allowed to include any hyperlinks in the post because your account hasn't associated to your company. User profile should be updated.