Protect ServiceStack endpoints in Sitefinity 14.0

Protect ServiceStack endpoints in Sitefinity 14.0

NOTE: If your Sitefinity version is prior 14.0 or you are using OpenID authentication and not the new Default on 14.0 and above, please check the older article.

Sitefinity 14.0 introduced a new authentication protocol completely rewritten from scratch and is the recommended one even for upgraded projects.

This will cause the code from the previous article (see the note in the beginning) to stop working. Fortunately the changes that are needed are easy ones:

  • Change the middleware type
    from:Telerik.Sitefinity.Authentication.Owin.OpenId.SitefinityOpenIdConnectWebApiAuthenticationMiddleware
    to: Telerik.Sitefinity.Authentication.Owin.SitefinityAuthenticationMiddleware
  • Remove openid from the scope

 

The updated code: