How do you implement authentication in servicestac

2019-03-08 14:41发布

问题:

I'm investigating servicestack.net - but it's examples and articles don't seem to cover authentication - is this something handled by servicestack.net - and if so how?

In particular I'm interested in implementing support for:

  • OAuth (So being able to inspect the raw request and validate it/retrieve the associated user info and associate with the request prior to passing it onto servicestack.net for processing).
  • Session/cookie based authentication (so allowing for Ajax clients which already have a valid ASP.Net session to use that for authentication, instead of needing to explicitly pass login and password details to obtain a session token suitable for submitting with subsequent requests).

Could someone point me in the direction of documentation/examples that demonstrate authentication/security when using the ServiceStack.Net framework.

回答1:

Edit: There is now a new Authentication provider model in ServiceStack with the following built-in providers:

  • Credentials - For authenticating with username/password credentials. e.g. Form Auth
  • Basic Auth - Allowing users to authenticate with Basic Authentication
  • Twitter OAuth - Allow users to Register and Authenticate with Twitter
  • Facebook OAuth - Allow users to Register and Authenticate with Facebook

The new auth provider model is entirely optional and is a user-level library built on top of ServiceStack's existing Request / Response filters.

For more info on how to create your own check this thread for authentication options in ServiceStack.

https://groups.google.com/d/topic/servicestack/U3XH9h7T4K0/discussion

Basically you can use Request filters to intercept the request or a base class to add generic validation logic. The thread contains examples of both options.

Alternatively you can host ServiceStack together with another ASP.NET web framework so you can use its built-in auth provider, and just validate a valid user session in ServiceStack using Request Filters and cookies.

Here's an example of implementing HTTP Basic Auth with Request filters