Sitecore.Services.Client Authentication

Requests to web services built upon the Sitecore.Services.Client framework need to be authenticated, in this post I will look at the authentication features built into Sitecore.Services.Client.

HTTPS is required for calls to authentation services calls. As with the rest of the Sitecore framework SSC uses the ASP.net membership framework. When a authentation request is successful the .ASPXAUTH cookie is set in the response.

For local testing make sure to generate a CA for your local self signed certificate. http://www.asp.net/web-api/overview/security/working-with-ssl-in-web-api 

Login

Request
https://mikerobbins81u1/Sitecore/api/ssc/auth/login

Body
Content-Type: application/json

{
"domain": "sitecore",
"username": "admin",
"password": "b"
}

Response

  • 200 response code
  • .ASPXAUTH cookie set

Logout

Request
https://mikerobbins81u1/Sitecore/api/ssc/auth/logout

Response

  • 200 response code

Authentication Examples

Console Application
Below is a great example from Kern of authentication again SSC within a C# console application.

Windows 10 IoT (Universal Windows Application)

Sitecore SPEAK
As Sitecore.Services.Client authentication is based upon asp.net membership and sets a .ASPXAUTH cookie, the same authentication as the Sitecore client and therefore Sitecore SPEAK. This means you are already authenticated, as you’ll already be authenticated by having the .ASPXAUTH cookie set by the Sitecore login screen.

Advertisements

3 thoughts on “Sitecore.Services.Client Authentication

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s