Add-on controller is not called

[sl-mmuradov]

Hi there,

I built a simple Add-on, installed them to Foundation NET5 Core, but it doesn't work.
I'm not sure it is mine issue, or Foundation/EPi12.

Ok, my add-on has only one class

using Microsoft.AspNetCore.Mvc;

namespace MyEPiModule
{
    public class HelloController : Controller
    {
        [HttpGet]
        public ActionResult Index()
        {
            return new ContentResult { Content = "Hello from my EPiServer module!" };
        }

        [HttpGet]
        public ActionResult Show()
        {
            return new ContentResult { Content = "Show: Hello from my EPiServer module!" };
        }
    }
}

It depends on EPiServer.CMS 12.2.1 only.
module.config is simple

<?xml version="1.0" encoding="utf-8"?>
<module loadFromBin="false"
		moduleJsonSerializerType="Net"
		prefferedUiJsonSerializerType="Net"
		clientResourceRelativePath=""
		description="My first EPiServer NET5 Core module"
		tags="EPiServerModulePackage">
  <assemblies>
    <add assembly="MyEPiModule"/>
  </assemblies>

  <routes>
    <route url="{moduleArea}/{controller}/{action}/">
      <defaults>
		<add key="moduleArea" value="MyEPiModule" />
        <add key="controller" value="Hello"/>
		<add key="action" value="Index"/>
      </defaults>
    </route>
  </routes>
</module>

I put MyEPiModule.dll to bin folder near Foundation.dll. module.config is put under /modules/_protected/MyEPiModule.

Requests /episerver/myepimodule/hello/index and /episerver/myepimodule/hello/show response HTTP404 Not Found.

In EPi11 I had to desribe my add-on in web.config. But it is obsolete for Foundation NET5 Core (according to EPi doc).

Am I missed something? Are there additional steps for registering add-on in Foundation/EPi12?

[lunchin]

By default the module system does not autodiscover. You can either turn on autodiscover

services.Configure<ProtectedModuleOptions>(x => x.AutoDiscovery = EPiServer.Shell.Configuration.AutoDiscoveryLevel.Modules);

or register manually like

services.Configure<ProtectedModuleOptions>(x =>
            {
                if (!x.Items.Any(x => x.Name.Equals("MyEPiModule")))
                {
                    x.Items.Add(new ModuleDetails
                    {
                        Name = "MyEPiModule"
                    });
                }
            });

[sl-mmuradov]

It works! Thank you @lunchin!
Good point to mention that somewhere in https://world.optimizely.com/documentation/developer-guides/CMS/add-ons/

[sl-mmuradov]

Found out one more issue.
Add-on controller works fine in browser. It works with auth after login with username/password. But it shows login page in Postman after auth via OpenID.
Content Delivery API request /api/episerver/v3.0/content/14 works fine in Postman (OpenID auth), but responses

{"type":"https://tools.ietf.org/html/rfc7231#section-6.5.4","title":"Not Found","status":404,"detail":"Content not found","instance":"/api/episerver/v3.0/content/14","traceId":"00-0fcc7f10a1b91f4dab46163febf2ef3c-c6ad6aa9d43c2140-00","code":"NotFound"}

in browser.
I saw doc about introducing OpenID in EPiServer https://world.optimizely.com/documentation/developer-guides/content-delivery-api/getting-started/api-authentication/ but

[Authorize(OpenIDConnectOptionsDefaults.AuthenticationScheme)]
public class MyApiController : ControllerBase
{
}

doesn't work for me.
What did I missed to cause my add-on work with auth by OpenID? I appreciate any help.
@lunchin I know you have a hidden knowledge ;-)

[lunchin]

In foundation https://github.com/episerver/Foundation/blob/main/src/Foundation/Startup.cs#L118 we register episerver.openconnect

To get a token

http://localhost:50244/epi/episerver/connect/token

grant_type=client_credentials
client_id = postman-client
client_secret= postman

[sl-mmuradov]

@lunchin yes, it works fine. epi/episerver/connect/token gives me accessToken. I use them as Authentication: Bearer {{accessToken}} for calling episerver/mymodule/hello/index but EPiServer responses with login page.

[lunchin]

Ahh I think the module has a default policy of "Cms Admins" when not configured in module.config.
authorizationPolicy="episerver:cmsadmin"

We plan to add ACL support for applications in future version, which can help with permissions. I think you can test bow using grant_type password with a admin user

grant_type=password
client_id = postman-client
client_secret= postman
usernmae=name
password=password

[sl-mmuradov]

Hi @lunchin
Tried authorizationPolicy

<?xml version="1.0" encoding="utf-8"?>
<module loadFromBin="false"
		moduleJsonSerializerType="Net"
		prefferedUiJsonSerializerType="Net"
		clientResourceRelativePath=""
		description="My first EPiServer NET5 Core module"
		tags="EPiServerModulePackage"
		authorizationPolicy="episerver:cmsadmin">
  <assemblies>
    <add assembly="MyEPiModule"/>
  </assemblies>

  <routes>
    <route url="{moduleArea}/{controller}/{action}/">
      <defaults>
	    <add key="moduleArea" value="MyEPiModule" />
        <add key="controller" value="Hello"/>
	    <add key="action" value="Index"/>
      </defaults>
    </route>
  </routes>
</module>

and [Authorize(Policy = "episerver:cmsadmin")] but no luck.
I checked both grant_types password and client_credentials. OpenID gives access_token, but server responses login page for a module again (

[lunchin]

okay i will put a sample together today