volume_up

A critical vulnerability was discovered in React Server Components (Next.js). Our systems remain protected but we advise to update packages to newest version. Learn More

AI OnAI Off

Content Delivery API - 403 for CatalogContent for CatalogNode

Vote:
expand_less 0 expand_more

Hello,

We have installed the latest Content Delivery API with all the extras like OAuth and Search.

I have setup the contentapiread access group and gave it full rights to the root.

I have also added the following in the web.config.

<add name="contentapiread" type="EPiServer.Security.MappedRole, EPiServer.Framework" roles="WebAdmins, Administrators, WebEditors" mode="Any" />

Set on the ROOT

I have also created a ContentDeliveryApiInitialization class and just added.

public void ConfigureContainer(ServiceConfigurationContext context)
{

context.Services.Configure<ContentApiConfiguration>(config =>
{
config.Default().SetMinimumRoles(string.Empty);
});
}

I have managed to make a successfull call to a product with the following query.

api/episerver/v2.0/content/7AF43301-CDAE-4A46-AACD-A618ECAB7B35 returned 200 with the data as expected.

Then I made another call with the api/episerver/v2.0/content/21bafbbb-b9a6-49f0-850c-547be8eba851 and it returned a 403 - Forbidden: Access is denied.

This is the parentlink of the previous call's response. Basically, I want to get the Product's parent which is the CatalogNode or Category.

Any advice that I can use to get around this problem?

#205018
Edited, Jun 26, 2019 8:48
Quan Tran
Quan Tran
Vote:
expand_less 0 expand_more

Hi,

When setting access right for the root, do you check on "Apply settings for all subitems"  ?

There should be a difference between the content's access right and its parent.

Can you show the access right settings both of them ?

#205054
Edited, Jun 27, 2019 10:37
Vote:
expand_less 0 expand_more

Hi Quan,

Thanks for the reply.

I checked again and I realised that I also had to go to the Catalog Node -> Manage Access Rights -> add the ContentApiRead.

For some weird reason I cannot do that on the Root in the Catalog.

It works now, so all is good.

Weird that I could find products without giving access but it had issues when looking at the Catalog Node.

Thanks

#205059
Edited, Jun 27, 2019 11:47
Quan Tran
Quan Tran
Vote:
expand_less 0 expand_more

Hi Willem,

Good to hear that it works now. Please mark your answer as "Accepted answer" so that this topic can be closed.

#205063
Jun 27, 2019 12:14
error This topic was created over six months ago and has been resolved. If you have a similar question, please create a new topic and refer to this one.
* You are NOT allowed to include any hyperlinks in the post because your account hasn't associated to your company. User profile should be updated.