Dev GuideAPI ReferenceUser Guide
HomeDev GuideRecipesAPI Reference
Dev GuideAPI ReferenceUser GuideGitHubNuGetDev CommunityOptimizely AcademySubmit a ticketLog In
Dev Guide
GitHubNuGetDev CommunityOptimizely AcademySubmit a ticket

Authentication requests in C# SDK

Explains how to authenticate requests in the Optimizely Graph C# SDK using Single Key or Basic Authentication, and how each method affects which content your queries can access.

The Optimizely Graph C# SDK supports two authentication methods. The authentication method determines which content your queries can return from Optimizely Graph.

Single Key authentication

Single Key authentication is the default configuration. In this mode, queries return only published content that is publicly available. You do not need to add status filters to your queries.

Use this mode for public websites where only published content should appear.

Single Key query example

var result = await _graphClient
    .QueryContent<BlogPostPage>()
    .Where(x => x.Author == "John Developer")
    .Limit(10)
    .GetAsContentAsync();

Use Single Key authentication for the following scenarios:

  • Serve published content on a public-facing website.
  • Avoid manually filtering content status in queries.

Basic authentication

Basic authentication provides access to all content, including drafts and unpublished items.

Display content on a website with WithDisplayFilters

If the query displays content on a website, use WithDisplayFilters() in the query chain before GetAsContentAsync(). This method applies publishing filters and passes the currently authenticated user (if any) into the query.

var result = await _graphClient
    .QueryContent<BlogPostPage>()
    .Where(x => x.Author == "John Developer")
    .WithDisplayFilters()
    .Limit(10)
    .GetAsContentAsync();

Take full control with WithAuth

For full control over authentication and authorization, use WithAuth(). This method exposes all authentication and authorization options.

var result = await _graphClient
    .QueryContent<BlogPostPage>()
    .Where(x => x.Author == "John Developer")
    .WithAuth(x => x.AuthenticationMode = AuthenticationMode.FullAccess)
    .Limit(10)
    .GetAsContentAsync();

Use AuthenticationMode.FullAccess to load any content, regardless of its publication status or user permissions.

Run a query as a specific user with AsUser

To load content for a specific user, use AsUser() and pass an IPrincipal object with the user's identity and roles.

IPrincipal user = GetUser();

var result = await _graphClient
    .QueryContent<BlogPostPage>()
    .Where(x => x.Author == "John Developer")
    .AsUser(user)
    .Limit(10)
    .GetAsContentAsync();

Run a query as the current user with AsCurrentUser

To load content for the currently authenticated user, use AsCurrentUser().

var result = await _graphClient
    .QueryContent<BlogPostPage>()
    .Where(x => x.Author == "John Developer")
    .AsCurrentUser()
    .Limit(10)
    .GetAsContentAsync();

Both AsCurrentUser() and AsUser() use Basic authentication.

Security best practices

❗️

Important

Do not share API keys or secrets. If you contact Optimizely Support about a query issue, provide the correlation-id returned in the response instead of sharing credentials.

Store credentials using environment variables or a secure secrets manager. Do not commit credentials to source-controlled configuration files such as appsettings.json.

Updated 6 days ago