Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

How can I implement ServiceStack.net rest call over HTTPS?

Tags:

c#

asp.net

asp.net-mvc

servicestack

appharbor

I would like to authenticate users of my servicestack.net rest services using basic auth over HTTPS.

Can anyone explain how the https portion of this would work or point me in the right direction? Is it the responsibility of the client to ensure the calls are made over https? Do I need to do anything involving SSL Certificates to enable this?

This service will most likely live on AppHarbor if that matters.

EDIT

Can anyone cite specific examples of how to accomplish this in service stack. I think that I would be having all of the services in my api require HTTPS. Would I be able to accomplish this using request filters?

like image 946
stephen776 Avatar asked Oct 12 '11 14:10

stephen776

2 Answers

You will need to have an SSL Certificate purchased and installed to handle https (you should be able to get one from your domain name provider, which you will then need to install on your hosting server). The service clients will generally be allowed to connect by any method they choose. It will be your responsibility to stop the request and generate an error message to the client if they attempt to connect by http, instead of allowing them access.

You can validate whether they are on http or https by checking the Request.Url.Scheme property in your REST Service API. Typically, a request for http on a service that requires https will return an HTTP 403 (forbidden) status code. If you have access to IIS, you can force HTTPS easily without doing any coding: http://www.sslshopper.com/iis7-redirect-http-to-https.html

like image 81
mellamokb Avatar answered Nov 03 '22 17:11

mellamokb

If you don't need on all services the following at the top of any service that needs the security does the job:

    if (!Request.IsSecureConnection)
    {
        throw new HttpError(HttpStatusCode.Forbidden,"403","HTTPS ONLY");
    }

However it's better to this as a filter attribute: https://github.com/ServiceStack/ServiceStack/wiki/Filter-attributes

If you want it globally, you could apply your attribute to a shared BaseService or better use a global filter: https://github.com/ServiceStack/ServiceStack/wiki/Request-and-response-filters

...Like this:

this.GlobalRequestFilters.Add((req, res, dto) =>
{
    if (!req.IsSecureConnection)
    {
        res.StatusCode = (int)HttpStatusCode.Forbidden;
        res.Close();
    }
});

If you want one that redirects to https rather than reject request then you could base it on this: http://weblogs.asp.net/dwahlin/requiring-ssl-for-asp-net-mvc-controllers

like image 24
Darren Avatar answered Nov 03 '22 19:11

Darren
Sign in to Comment

Related questions

C#/XNA - Multiplication faster than Division?
How to use button in repeater control?
IoC - Constructor takes a runtime value as one parameter and a service as another
How do I retrieve a list or number of jobs from a printer queue?
How to revert a changeset in team foundation server?
WP7 (windows phone 7) HttpWebRequest losing POST data
Get Grid Cell by mouse click
How to design Date-of-Birth in DB and ORM for mix of known and unknown date parts
How to check if windows user has a password set?
Convert from one delegate to another. Pseudo cast
Sending email using Smtp.mail.microsoftonline.com
How to align kinect's depth image with color image
Read Javascript variable from Web Browser control
How to pin a pointer to managed object in C#?
Session ID not random enough - ASP.NET
Determining the expected type of a DynamicObject member access
Breakpoints not getting hit while debugging in VS10
Casting List<x> to List<y>
Generics & Reflection - GenericArguments[0] violates the constraint of type
Is there a repeater control in C# windows form in Visual 2010? Or an alternative?

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!