REST Authentication

We are having trouble with authentication for the different services. 

For example when we try to connect to rest service:

/SuperOffice/api/v1/Person

we are asked for logon info. And a SuperOffice login for a admin user does not work here?

 

Regards

Jon

 

RE: REST Authentication

Take a look at the introduction article:

https://community.superoffice.com/en/content/content/general/superoffice-restful-api/

And then the documentation:

https://community.superoffice.com/documentation/sdk/SO.NetServer.Web.Services/html/Reference-WebAPI-REST-REST.htm

For Online you need an access token from SuperId.

For on-site installations you need a username + password, or an existing ticket.

You can configure which authentication methods are supported in the web.config file.

 

Look for the <WebApi> section in web.config

<WebApi>
      <add key="AuthorizeWithUsername" value="true" />
      <add key="AuthorizeWithTicket" value="true" />
      <add key="AuthorizeWithImplicit" value="true" />
      <add key="CORSEnable" value="true" />
      <add key="CORSOrigin" value="https://mail.google.com" />
</WebApi>


By: Christian Mogensen 10 Jan 2018

RE: REST Authentication

Hi Christian,

I experience the same issue. Do we need to autenticate with a SuperOffice Admin user or a System User?

By: Alexander Hesselberth 16 Jan 2018

RE: REST Authentication

Hi, I'm following same issue mentioned from Jon. I have a user which can successfully login on SuperOffice console, but when I call an API, for instance http://theserver/SuperOffice/api/v1/List/WebPanel/Items

I obtain "401 unauthorized"

Can you kindly give me an help?

Our configuration is:

 

  <section name="WebApi" type="System.Configuration.NameValueSectionHandler, System, Version=1.0.5000.0, Culture=neutral, PublicKeyToken=fgsdfgsdfgs" />

 

<WebApi>

      <add key="AuthorizeWithUsername" value="true" />

      <add key="AuthorizeWithTicket" value="true" />

      <add key="AuthorizeWithImplicit" value="true" />

      <add key="CORSEnable" value="true" />

      <add key="CORSOrigin" value="moz-extension://395159fd-2c7a-4343-94a8-7cf2dcf98c3f https://mail.google.com" />

    </WebApi>

 

Thanks in advance

By: Lucio Fioramonti 18 Jan 2018

RE: REST Authentication

Hi,

So I've been testing this myself, and found out that in my case the issue was with having basic authentication enabled on the application (Anonymous and Windows Authentication worked fine).

Will need to test this a bit further, and perhaps get someone with a bit more know-how to explain this issue.

By: Simen Mostuen Iversen 23 Jan 2018

RE: REST Authentication

I experienced the same behaviour. After some research I found out that Basic Authentication was enabled on the application in IIS while it was disabled on the website it self (top level).

After I disabled Basic Authentication on the application I was able to logon with the SuperOffice system user when I connect to the API via the browser. Since the web application does not use Basic Authentication it is the best to disable this on the whole web site and apply this setting on all applications. (top down).

By: Alexander Hesselberth 7 Feb 2018

RE: REST Authentication

Same issue here. Using basic auth against /SuperOffice/api/v1/Contact/3 gave a "401 Unauthorized" error. 

Fixed it by following Alexanders tips. Disabled "Basic auth" on the /SuperOffice application, and enabled it on the entire Web Site instead.

By: Frode Lillerud 5 May 2018

RE: REST Authentication

In attempts to mitigate future confusion on this matter, I have appended a new IIS Configuration subsection in the REST article that is more explicit with regards to configuring Basic Authentication.

Best Regards.

By: Tony Yates 7 May 2018

RE: REST Authentication

There is a conflict between authentication settings in SuperOffice REST API article and requirements for Single Sign-On. In fact we set authentication to Anonymous and for single sign-on, we need to disable it. Is there a workaround for this? 

By: Boyan Yordanov 6 Aug 2018

RE: REST Authentication

Hi Boyan!

One work around is to have two sites, one for the WebClient/NetServer (daily users) and one just for NetServer Services (REST integrations).

Best regards. 

By: Tony Yates 7 Aug 2018

RE: REST Authentication

Thank you, Tony!

Will test in our development environment. Any other authentication for REST will not work?

Boyan 

By: Boyan Yordanov 7 Aug 2018