ClaimsManager always returning anonymous identity from custom Web API in Sitefinity

The issue

When utilizing the GetCurrentIdentity method of ClaimsManager to access the current user’s identity from within your custom Web API, the identity is always returning Anonymous – even for logged in users. This happens when you wire up a custom Web API route to /api/. For example:

    config.Routes.MapHttpRoute(
            name: "DefaultApi",
            routeTemplate: "api/{controller}/{id}/{action}",
            defaults: new { id = RouteParameter.Optional, action = RouteParameter.Optional }
        );

The cause

The /api/ route is conflicting with Sitefinity’s out-of-the-box web services. Sitefinity’s web services utilize bearer token authentication.

The fix

You could configure your client to always provide the token in the authorization headers. Or… you can just change Sitefinity’s out-of-the-box web services path so it does not conflict with your own.

Administration -> Settings -> Advanced -> WebServices -> Routes -> Frontend (Change the url name from “api” to “sfapi”)

Or, you could always configure your custom API to be on another route. The decision is yours.

Leave a Reply

Your email address will not be published. Required fields are marked *