IIS - anonymous API access

I have IIS running and have created API. Let’s say I need to access In general I would like* to be accessed by any user without authorization.

Thaks in advance for any suggestions.

In order to allow anonymous access to your API’s you need to configure both IIS and the API model element.

It is a good practice to use e.g. /public url for all public web pages so the setup is simple.

  1. Set the Roles of your API to an asterisk *. This will make ORIGAM to let anyone access this API regardless of the assigned application roles (even with no roles assigned).
  2. Add the following lines to your web.config under /configuration section. This settings will make IIS allow anonymous access to any API under the public path.
  <location path="public">
        <allow users="*" />

All anonymous access will be internally handled under an identity of a guest user. You need to have an entry in the BusinessPartner table with UserName="guest".

1 Like

That’s it. I was missing the guest user in BusinessPartner table. Thank you for quick answer.

I set the configuration as described. But I get only blank pages, when I’m not authorized. When I authorize as common user (not guest - origam user mechanism), the data are loaded successfully. The BusinessPartner with username guest has no roles assigned. I’m testing this with application server 2016.3.11. There is no error in IIS log. Please, any suggestion what could be wrong?


What data are you expecting? XML/HTML/JSON?

Try to look to the source code of result page (is it really blank)? What’s the http status?

Or don’t you have any row-level security filter on the data you try to request?