How do you implement authentication in servicestack.net

c# security authentication servicestack
Bittercoder picture Bittercoder · May 3, 2011 · Viewed 13k times · Source

I'm investigating servicestack.net - but it's examples and articles don't seem to cover authentication - is this something handled by servicestack.net - and if so how?

In particular I'm interested in implementing support for:

  • OAuth (So being able to inspect the raw request and validate it/retrieve the associated user info and associate with the request prior to passing it onto servicestack.net for processing).
  • Session/cookie based authentication (so allowing for Ajax clients which already have a valid ASP.Net session to use that for authentication, instead of needing to explicitly pass login and password details to obtain a session token suitable for submitting with subsequent requests).

Could someone point me in the direction of documentation/examples that demonstrate authentication/security when using the ServiceStack.Net framework.

Answer

mythz picture mythz · May 3, 2011

Edit: There is now a new Authentication provider model in ServiceStack with the following built-in providers:

  • Credentials - For authenticating with username/password credentials. e.g. Form Auth
  • Basic Auth - Allowing users to authenticate with Basic Authentication
  • Twitter OAuth - Allow users to Register and Authenticate with Twitter
  • Facebook OAuth - Allow users to Register and Authenticate with Facebook

The new auth provider model is entirely optional and is a user-level library built on top of ServiceStack's existing Request / Response filters.

For more info on how to create your own check this thread for authentication options in ServiceStack.

https://groups.google.com/d/topic/servicestack/U3XH9h7T4K0/discussion

Basically you can use Request filters to intercept the request or a base class to add generic validation logic. The thread contains examples of both options.

Alternatively you can host ServiceStack together with another ASP.NET web framework so you can use its built-in auth provider, and just validate a valid user session in ServiceStack using Request Filters and cookies.

Here's an example of implementing HTTP Basic Auth with Request filters

Related questions

How to validate domain credentials?

I want to validate a set of credentials against the domain controller. e.g.: Username: STACKOVERFLOW\joel Password: splotchy Method 1. Query Active Directory with Impersonation A lot of people suggest querying the Active Directory for something. If an exception is …

Read More
Implement identity server authentication in real world scenario

I am investigating how IdentityServer 3 works and I still have problem to fully understand. In general concept is clear to me but still I am not sure how to implement this on real project. This is basic example that I …

Read More
Asp.Net Role-based authentication using Security groups in Active Directory

I am attempting to do something simple (I thought) - securing my application using roles-based security using Active Directory groups in our Domain. Specifically, I need to show/hide items on a page depending upon whether the currently logged in …

Read More