With SSC, we can create custom Web API by inheriting ServicesApiController and get all the security benefits and filters.
Here are tips on security I found during working with Sitecore Service Client, especially in development environment.
- Click the server node in IIS and open the “Server Certificates”.
2, Because the certificate is not a real one, when calling the https url, we may get error indicating the certificate not valid. Here are piece of code to bypass it, but DO NOT USE IT IN PRODUCTION.
private static void BypassCertificateError()
ServicePointManager.ServerCertificateValidationCallback += delegate (
3, Modify the configuration file “Sitecore.Services.Client.config” to set security service policy on as below. The default was “ServiceLocalOnlyPolicy”.