I want to restrict the Sitecore Item Web API to send data to authenticated user only & as per the documentation,we need to pass the user name & password in http request header
as X-Scitemwebapi-Username
& X-Scitemwebapi-Password
To achieve this,I used below code:
HttpWebRequest request = (HttpWebRequest)WebRequest.Create("http://scapidemo.local/-/item/v1/?sc_itemid={110D559F-DEA5-42EA-9C1C-8A5DF7E70EF9}&sc_database=master");
request.Headers["X-Scitemwebapi-Username"] = "admin";
request.Headers["X-Scitemwebapi-Password"] = "b";
HttpWebResponse response = (HttpWebResponse)request.GetResponse();
Response.Write(String.Format("Content length is {0}", response.ContentLength));
Response.Write(String.Format("Content type is {0}", response.ContentType));
// Get the stream associated with the response.
Stream receiveStream = response.GetResponseStream();
// Pipes the stream to a higher level stream reader with the required encoding format.
StreamReader readStream = new StreamReader(receiveStream, Encoding.UTF8);
Response.Write("<br /> Response stream received. <br />");
Response.Write(readStream.ReadToEnd());
In Sitecore.ItemWebApi.config
I've added setting for my website as below:
itemwebapi.mode="StandardSecurity"
itemwebapi.access="ReadOnly"
itemwebapi.allowanonymousaccess="false"/>
Now while running my app I'm getting this error:
{"statusCode":401,"error":{"message":"Access to site is not granted."}}
You are passing the user without the domain it belongs to. The ItemWebAPI does not have a default domain so every time you make you make a call you need to pass your user like this "domain\user".
All that said - try it like this:
request.Headers["X-Scitemwebapi-Username"] = @"sitecore\admin";
request.Headers["X-Scitemwebapi-Password"] = "b";
来源:https://stackoverflow.com/questions/25383502/sitecore-7-2-item-web-api-user-authentication