Vulnerability in EPiServer.Forms
I have a weird issue where executing a search using the extension method UnifiedSearchFor returns no results. However, if I'm logged into the CMS and then perform a site search in a separate browser tab, results are returned as expected. I'd have thought unified search can be used for site wide search
I'm triggering the search using a Web API controller. So when I tried to execute unified search from a normal page controller and it returned results in an anonymous user context!!!
This is my code
I'd appreciate any suggestions as to why Unified Search doesn't return results for anonymous users when executed in a WebAPI context. I did come across this old forum post with a similar issue but it doesn't hint at a solution
Could you check the available override of the GetResult method and try to set the one for filtering for public display (or something like that) to false?
It might be something related to access rights.
Try like this-
ITypeSearch<ISearchContent> search = SearchClient.Instance.UnifiedSearchFor(query, Language.Norwegian);
UnifiedSearchResults res = search.GetResult(new HitSpecification(), false);
It might return all the results so you may need to filter it later on.
Thanks for your reply.
I did try the filterForPublicSearch = false parameter. It does return results but doesn't explain why UnifiedSearchFor doesn't return results in WebAPI context for public visitors whereas calling it from a PageController works.
Furthermore, I'm not sure of the implications of passing false for filterForPublicSearch. I understand it will also return content that the public visitor is not meant to see.
Yes, It will return all the items in the result.
I also search and found that it is not working in the case of web API. you check here So I suggest you create a support ticket they may come with a fix