Don't miss out Virtual Happy Hour this Friday (April 26).
Try our conversational search powered by Generative AI!
AI OnAI Off
Getting AccessDenied for Content API requests
Found this eventually that the config forces Authenticated Roles to be mandatory on content to be accessed.
<add name="contentapiread" type="EPiServer.Security.MappedRole, EPiServer.Framework" roles="Authenticated" mode="Any" />
SetRequiredRoles(null) was the solution to have it working. Just in case if anyone needs.
Oct 04, 2020 15:10
This topic was created over six months ago and has been resolved. If you have a similar question, please create a new topic and refer to this one.
Hello guys,
I have this strange situation and not sure what exactly is happening.
I have a content api which makes use of Oauth. We have visitor groups set up in applicaiton based on incoming claims. Everything is fine as long as I have Authenticated option checked in permissions.
If I remove the authentictated option and apply the visitor groups on the page, I start getting access denied. This is what I have in the config file
<add name="contentapiread" type="EPiServer.Security.MappedRole, EPiServer.Framework" roles="Authenticated" mode="Any" />
Below is the code setup.
=====================
context.Services.Configure<ContentApiConfiguration>(config =>
{
config.Default(RestVersion.Version_2_0)
.SetIncludeNullValues(false)
.SetMinimumRoles(string.Empty);
});
=====================
I have also verified that right claims are coming back for visitor group to apply because same thing works directly in the application. Issue seems to be only when trying to fetch a page through content api.
Any inputs is much appreciated.