Forms Authentication REST API & Hybrid Mobile App

Stephanie Jones asked on January 12, 2016 20:56

I am trying to consume the Forms Authentication REST API in a hybrid mobile app. I am receiving an 403 error.

Here is what I am using: URL - https://project URL/rest/settoken

Method - Post

Response Data Type - JSON

Request Query String Parameters - username, password, token

Request Headers - None

I am using a session id for the token value. From my understanding, the token value will be used as a header with the key/value pair, Cms-Session-Token: session id, in any GET api requests.

Is there an additional value that I should be posting to set the .ASPXFORMSAUTH cookie?

Recent Answers


Roman Hutnyk answered on January 13, 2016 05:32

It does not sound like REST API is going to authenticate user, but associate some token with current user - I might be wrong here. Have you tried to authenticate in a regular way first (e.g. /cmspages/logon.aspx) and then post this request? Will it return you 403?

0 votesVote for this answer Mark as a Correct answer

Sean Wright answered on January 13, 2016 06:17 (last edited on January 13, 2016 06:17)

@crystal ege What is the request you are making? It seems the REST api returns a 403 when you normally might expect a 404 or 400. If the url has a typo in it you will get a 403, not 404.

Here is what I am doing in the app I created

  1. Log into Kentico site using normal forms login
  2. Visit page that has my javascript app running in it
  3. App makes POST to 'http://your-site-url.com/rest/settoken?username=' + username + '&password=' + password + '&token=' + token;
  4. App makes GET to 'http://your-site-url.com/rest/ecommerce.sku?columns=SKUID,SKUName,SKUImagePath,SKUPrice,SKUAvailableItems?format=json' with header key 'Cms-Session-Token' and value token (whatever token I sent to /rest/settoken)

I was originally trying to make GET requests to 'http://your-site-url.com/rest/com.sku' and I was receiving 403 responses, which led me to believe something was wrong with my authentication/user/permissions but it was the request url that was incorrect.

0 votesVote for this answer Mark as a Correct answer

Sean Wright answered on January 13, 2016 20:42 (last edited on January 13, 2016 20:53)

For anyone else trying to figure out how to get this all working - first make sure you consult the documentation for configuring the REST service in Kentico.

https://docs.kentico.com/display/K9/Configuring+the+REST+service

Once you have that done, check out this Gist I created which shows how to use the API with an Angular app. This app uses the Forms Authentication approach for the REST API, not Basic Authentication. This means you will need to log into Kentico first before using this app.

https://gist.github.com/sgwatgit/7639ae56ff1d79e0d100

  • Add the template.html to a Template in Kentico or a StaticHTML web part.
  • Add the header.html contents to the Header tab of the Template in Kentico.
  • Add the dashboard.js file to the Javascript files in the javascript module.
  • Change the value of the dashboard.js link in template.html to suit your domain.
  • Change the value of yourDomain, yourUsername and yourPassword in dashboard.js to match the domain you are running on and the username/password of the user you are logging into Kentico with.
0 votesVote for this answer Mark as a Correct answer

Chetan Sharma answered on January 17, 2016 15:24 (last edited on January 17, 2016 15:24)

@Crystal Ege - if you read this documentation you will find that it only supports GET requests and not POST.

Furthermore, you will have to be authenticated(logged in) to be able to send requests and receive response.

Else, you could generate a Hash Authenticated URL for your resource. This works if you have limited URLS otherwise it will be a pain to generate multiple URLS. Dynamic URLS are not supported using this method.

Caution:- If you are deploying your code across different developmet servers(Dev, QA, UAT), you will need to regenerate these URLS on each of these domains.

Best approach will be to write your own webservice.

I hope this helps you.

Thanks, Chetan

0 votesVote for this answer Mark as a Correct answer

   Please, sign in to be able to submit a new answer.