
How can I implement ServiceStack.net rest call over HTTPS?

I would like to authenticate users of my servicestack.net rest services using basic auth over HTTPS.

Can anyone explain how the https portion of this would work or point me in the right direction? Is it the responsibility of the client to ensure the calls are made over https? Do I need to do anything involving SSL Certificates to enable this?

This service will most likely live on AppHarbor if that matters.

EDIT

Can anyone cite specific examples of how to accomplish this in ServiceStack? I think that I would be having all of the services in my API require HTTPS. Would I be able to accomplish this using request filters?

stephen776 asked Oct 12 '11 14:10


2 Answers

You will need to have an SSL Certificate purchased and installed to handle https (you should be able to get one from your domain name provider, which you will then need to install on your hosting server). The service clients will generally be allowed to connect by any method they choose. It will be your responsibility to stop the request and generate an error message to the client if they attempt to connect by http, instead of allowing them access.

You can validate whether they are on http or https by checking the Request.Url.Scheme property in your REST Service API. Typically, a request for http on a service that requires https will return an HTTP 403 (forbidden) status code. If you have access to IIS, you can force HTTPS easily without doing any coding: http://www.sslshopper.com/iis7-redirect-http-to-https.html

mellamokb answered Nov 03 '22 17:11


If you don't need it on all services, the following at the top of any service that needs the security does the job:

    if (!Request.IsSecureConnection)
    {
        throw new HttpError(HttpStatusCode.Forbidden,"403","HTTPS ONLY");
    }

However, it's better to do this as a filter attribute: https://github.com/ServiceStack/ServiceStack/wiki/Filter-attributes

If you want it globally, you could apply your attribute to a shared BaseService or better use a global filter: https://github.com/ServiceStack/ServiceStack/wiki/Request-and-response-filters

...Like this:

    this.GlobalRequestFilters.Add((req, res, dto) =>
    {
        if (!req.IsSecureConnection)
        {
            res.StatusCode = (int)HttpStatusCode.Forbidden;
            res.Close();
        }
    });

If you want one that redirects to https rather than rejecting the request, then you could base it on this: http://weblogs.asp.net/dwahlin/requiring-ssl-for-asp-net-mvc-controllers

Darren answered Nov 03 '22 19:11
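
The filter-attribute approach recommended in the answer above, written out as an added example (not code from either answer or from the ServiceStack project). It assumes the ServiceStack v4+ `IRequest`/`IResponse` API; `HttpsOnlyAttribute`, `TrustForwardedProto`, and the sample DTO and service are hypothetical names, and the `X-Forwarded-Proto` branch assumes a hosting platform that terminates TLS at a proxy and sets that header itself.

```csharp
using System;
using System.Net;
using ServiceStack;
using ServiceStack.Web;

// Hypothetical attribute: rejects any request that did not arrive over HTTPS.
public class HttpsOnlyAttribute : RequestFilterAttribute
{
    // Assumption: enable only when the app sits behind a TLS-terminating proxy
    // or load balancer that overwrites X-Forwarded-Proto on every request.
    // If the app is reachable directly, a client can send the header itself
    // and pass the check over plain HTTP.
    public bool TrustForwardedProto { get; set; }

    public override void Execute(IRequest req, IResponse res, object requestDto)
    {
        if (IsHttps(req)) return;

        res.StatusCode = (int)HttpStatusCode.Forbidden;
        res.StatusDescription = "HTTPS ONLY";
        res.Close(); // short-circuit: the service method is never invoked
    }

    private bool IsHttps(IRequest req)
    {
        if (req.IsSecureConnection) return true;
        if (!TrustForwardedProto) return false;

        var proto = req.Headers["X-Forwarded-Proto"];
        return string.Equals(proto, "https", StringComparison.OrdinalIgnoreCase);
    }
}

// Constructed sample DTOs and service showing where the attribute is applied.
[Route("/account")]
public class GetAccount : IReturn<AccountResponse> { }

public class AccountResponse { public string Name { get; set; } }

[HttpsOnly] // or [HttpsOnly(TrustForwardedProto = true)] behind a trusted proxy
public class AccountService : Service
{
    public object Get(GetAccount request) => new AccountResponse { Name = "demo" };
}
```

With Basic auth, a client that calls the `http://` URL has already sent its credentials in cleartext by the time the 403 is returned, so the server-side check limits what the service will answer but does not protect that first request.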