Protect ServiceStack endpoints in Sitefinity 14.0
NOTE: If your Sitefinity version is prior 14.0 or you are using OpenID authentication and not the new Default on 14.0 and above, please check the older article.
Sitefinity 14.0 introduced a new authentication protocol completely rewritten from scratch and is the recommended one even for upgraded projects.
This will cause the code from the previous article (see the note in the beginning) to stop working. Fortunately the changes that are needed are easy ones:
- Change the middleware type
from:Telerik.Sitefinity.Authentication.Owin.OpenId.SitefinityOpenIdConnectWebApiAuthenticationMiddleware
to: Telerik.Sitefinity.Authentication.Owin.SitefinityAuthenticationMiddleware - Remove openid from the scope