Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

How to do token based auth using ServiceStack

How would I implement the following scenario using ServiceStack?

Initial request goes to http://localhost/auth having an Authorization header defined like this:

Authorization: Basic skdjflsdkfj=

The IAuthProvider implementation validates against a user store and returns a session token as a response body (JSON).

The client uses this token an resends it against the subsequent requests like http://localhost/json/reply/orders using the Authorization header like this:

Authorization: BasicToken <TokenFromPreviousSuccessfulLogin>

Using a AuthenticateAttribute I want to flag my Service to use Authentication.

How should I implement the validation of the token for the subsequent requests? How should I implement the IAuthProvider to provide the token? How would I register the Providers etc.? Using RequestFilters or using the AuthFeature?

like image 338
Alexander Zeitler Avatar asked May 21 '13 15:05

Alexander Zeitler


1 Answers

ServiceStack's JWT AuthProvider and API Key AuthProvider both use token based Authentication.

Otherwise the BasicAuth Provider is a very simple class that simply extracts the UserName and Password from the BasicAuth Header and evaluates it:

public override object Authenticate(...)
{
    var httpReq = authService.RequestContext.Get<IHttpRequest>();
    var basicAuth = httpReq.GetBasicAuthUserAndPassword();
    if (basicAuth == null)
        throw HttpError.Unauthorized("Invalid BasicAuth credentials");

    var userName = basicAuth.Value.Key;
    var password = basicAuth.Value.Value;

    return Authenticate(authService, session, userName, password, request.Continue);
}

If you want to provide enhanced behavior, I would simply inherit this class check for the Authorization: BasicToken header, if it exists use that otherwise call the base.Authenticate(...) method to perform the initial validation.

like image 178
mythz Avatar answered Nov 06 '22 03:11

mythz