Mike Robbins

Sitecore Developer Blog


Sitecore.Services.Client Authentication

Requests to web services built upon the Sitecore.Services.Client framework need to be authenticated. In this post I will look at the authentication features built into Sitecore.Services.Client.

HTTPS is required for calls to the authentication services. As with the rest of the Sitecore framework, SSC uses the ASP.NET membership framework. When an authentication request is successful, the .ASPXAUTH cookie is set in the response.

For local testing, make sure to generate a CA for your local self-signed certificate: http://www.asp.net/web-api/overview/security/working-with-ssl-in-web-api

Login

Request
https://mikerobbins81u1/Sitecore/api/ssc/auth/login

Body
Content-Type: application/json

{
  "domain": "sitecore",
  "username": "admin",
  "password": "b"
}

Response

  • 200 response code
  • .ASPXAUTH cookie set

Logout

Request
https://mikerobbins81u1/Sitecore/api/ssc/auth/logout

Response

  • 200 response code
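
The login and logout calls above from a C# client, as an added example that is not part of the original post or Sitecore's own code. It assumes both endpoints accept POST (the post does not state the method); the host `https://sitecore.local` and the environment variable names `SSC_BASE_URL`, `SSC_USER` and `SSC_PASSWORD` are hypothetical.

```csharp
using System;
using System.Linq;
using System.Net;
using System.Net.Http;
using System.Text;
using System.Text.Json;
using System.Threading.Tasks;

class SscAuthDemo
{
    static async Task<int> Main()
    {
        // Hypothetical inputs: placeholder host and env var names, not taken from the post.
        var baseUri = new Uri(Environment.GetEnvironmentVariable("SSC_BASE_URL") ?? "https://sitecore.local");
        if (baseUri.Scheme != Uri.UriSchemeHttps)
        {
            Console.Error.WriteLine("Refusing to send credentials over a non-HTTPS URL.");
            return 1;
        }
        // The CookieContainer stores .ASPXAUTH and replays it on later requests.
        // Certificate validation stays on: trust the local CA instead of disabling checks.
        var cookies = new CookieContainer();
        using var handler = new HttpClientHandler { CookieContainer = cookies, UseCookies = true };
        using var client = new HttpClient(handler) { BaseAddress = baseUri };
        var body = JsonSerializer.Serialize(new
        {
            domain = "sitecore",
            username = Environment.GetEnvironmentVariable("SSC_USER"),
            password = Environment.GetEnvironmentVariable("SSC_PASSWORD")
        });
        using var login = await client.PostAsync("/Sitecore/api/ssc/auth/login",
            new StringContent(body, Encoding.UTF8, "application/json"));
        var auth = cookies.GetCookies(baseUri).Cast<Cookie>().FirstOrDefault(c => c.Name == ".ASPXAUTH");
        if (login.StatusCode != HttpStatusCode.OK || auth == null)
        {
            Console.Error.WriteLine($"Login failed: status {(int)login.StatusCode}, cookie set: {auth != null}");
            return 1;
        }
        Console.WriteLine($".ASPXAUTH set (Secure={auth.Secure}, HttpOnly={auth.HttpOnly})");
        // Authenticated SSC calls would go here, reusing the same client and cookie.
        using var logout = await client.PostAsync("/Sitecore/api/ssc/auth/logout", null);
        Console.WriteLine($"Logout: {(int)logout.StatusCode}");
        return logout.StatusCode == HttpStatusCode.OK ? 0 : 1;
    }
}
```

The printed `Secure` and `HttpOnly` values show how the site issues its forms-authentication cookie; both should be true on an HTTPS-only deployment.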

Authentication Examples

Console Application
Below is a great example from Kern of authentication against SSC within a C# console application.

Windows 10 IoT (Universal Windows Application)

Sitecore SPEAK
Sitecore.Services.Client authentication is based upon ASP.NET membership and sets a .ASPXAUTH cookie, which is the same authentication used by the Sitecore client and therefore Sitecore SPEAK. This means that in SPEAK you are already authenticated, because the .ASPXAUTH cookie was set by the Sitecore login screen.