Disable Sitecore filters for Web API controllers
I have previously written about how easy it to implement Web API controllers in Sitecore. However since Sitecore adds a lot of global filters for authorization and security policies - e.g. see sitecore/api/configuration/filters
section in Sitecore.Services.Client.config
. You might want to disable these filters, as they can interfere when building a public accessible API - see gist below. During a debugging session I noticed that a filter from some FXM assembly were also added.
To be fair, most of Sitecore’s implementations of IFilter/ActionFilterAttribute
that are assigned globally on HttpConfiguration
, does check for presence of ServicesControllerAttribute
and inheritance of ServicesApiController
. This means you might prevent these filters from doing anything by using System.Web.Http.ApiController
as base class for your controllers. I haven’t been though the code for all Sitecore’s filters, so I’m playing it safe, and decorate my ApiControllers with a ClearSitecoreWebApiConfigAttribute
.
I encourage the developers of Sitecore to consider using controller-specific configuration instead of loading the global HttpConfiguration
with all kinds of module or feature specific stuff.