I am creating a secure (SSL) public service where the users' credentials reside in Active Directory. I want to leverage ServiceStack's Authentication and have read over the wiki article. I already have code written to verify the user credentials with AD. I have a few questions.
Update 2: I did end up making a test SS service that integrated with AD, using CredentialsAuthProvider. However, my ultimate goal is to have 1 site that is an API when called by clients. So basically an SS MVC site.
Update:
It is my understanding after doing some more research that SS is considering doing a commercial product that may support Windows Authentication in the future. I read this in a comment from mythz on the SS Google group. The reason I asked this SO question is that my company builds internal applications using IWA, and adopting SS MVC is hard without IWA. I think I read that you could host the SS MVC site off of an ASP.NET site that uses IWA, but I have not tried that yet.
Windows Authentication is used for servers that run on a corporate network using Active Directory domain identities or Windows accounts to identify users. Windows Authentication is best suited to intranet environments where users, client apps, and web servers belong to the same Windows domain.
On the taskbar, click Start, and then click Control Panel. In Control Panel, click Programs and Features, and then click Turn Windows Features on or off. Expand Internet Information Services, then World Wide Web Services, then Security. Select Windows Authentication, and then click OK.
Basic Authentication: After a user provides built-in Windows user account information, the data is transmitted to the web server. Once IIS receives the authentication data, it attempts to authenticate the user with the corresponding Windows account. The username and password are only Base64-encoded (not encrypted) when sent to the server, which is why Basic Authentication should be used over SSL.
I've also hooked up ServiceStack with Integrated Windows Authentication (for a corporate application), and the key was to skip trying to integrate it with ServiceStack's AuthProviders entirely, since the general approach of IWA doesn't deal with credentials in your application code -- it's handled by the web server. What I did was:
Configure the site/application in IIS so that Windows Authentication was the only enabled option. (No Anonymous access allowed.) This means IIS itself will take care of the challenge-response (HTTP 401/200) sequence with unauthenticated users, and handles the authentication part of the process for you.
Implement ServiceStack's IHasRequestFilter (an HTTP pre-request filter) as an Attribute (e.g., [AdminOnly]). This filter's RequestFilter method fetches the current username from HttpContext (HttpContext.User.Identity.Name), looks it up from a repository (which could be a SQL database, flat file, etc.), caches results using ServiceStack's ICacheClient (memory cache, Redis, etc.), and throws a 403 HttpError if unauthorized.
With this done, all that was necessary was to add the attribute to classes or methods where desired (which gets this authentication/authorization into the service pipeline where desired), and register my desired cache provider in my AppHost implementation, e.g.:
container.Register<ICacheClient>(new MemoryCacheClient() { FlushOnDispose = false });
It works beautifully.
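A worked version of the attribute the answer describes, added here as an example and not the answerer's own code. It builds on ServiceStack's RequestFilterAttribute base class using the v3-era IHttpRequest/IHttpResponse signatures (v4 renamed these to IRequest/IResponse), assumes filter attributes get their public properties auto-wired from the AppHost container, and IRoleRepository is a hypothetical lookup you would register yourself.

```csharp
using System;
using System.Net;
using System.Web;
using ServiceStack.CacheAccess;
using ServiceStack.Common.Web;
using ServiceStack.ServiceHost;
using ServiceStack.ServiceInterface;

// Hypothetical repository (SQL, flat file, ...) you register in your AppHost.
public interface IRoleRepository
{
    // True if the Windows account (usually DOMAIN\user) holds the given role.
    bool UserHasRole(string windowsAccount, string role);
}

[AttributeUsage(AttributeTargets.Class | AttributeTargets.Method, AllowMultiple = true)]
public class RequireWindowsRoleAttribute : RequestFilterAttribute
{
    private readonly string role;
    public RequireWindowsRoleAttribute(string role) { this.role = role; }

    // Assumption: ServiceStack auto-wires these from the container.
    public ICacheClient Cache { get; set; }
    public IRoleRepository Roles { get; set; }

    public override void Execute(IHttpRequest req, IHttpResponse res, object requestDto)
    {
        var identity = HttpContext.Current != null ? HttpContext.Current.User.Identity : null;
        // Fail closed: if IIS was misconfigured and let an anonymous request
        // through, never treat it as an authenticated user.
        if (identity == null || !identity.IsAuthenticated || string.IsNullOrEmpty(identity.Name))
            throw new HttpError(HttpStatusCode.Unauthorized, "NotAuthenticated");

        // Windows account names are case-insensitive; normalise for the cache key.
        var user = identity.Name.ToLowerInvariant();
        var key = "winrole:" + role.ToLowerInvariant() + ":" + user;

        var allowed = Cache != null ? Cache.Get<string>(key) : null;
        if (allowed == null)
        {
            // Cache both positive and negative answers for a short time so the
            // repository is not hit on every request.
            allowed = Roles.UserHasRole(user, role) ? "1" : "0";
            if (Cache != null) Cache.Set(key, allowed, TimeSpan.FromMinutes(5));
        }

        if (allowed != "1")
            throw new HttpError(HttpStatusCode.Forbidden, "Forbidden",
                "User " + user + " is not in role " + role);
    }
}
```

Decorate a service class or method with `[RequireWindowsRole("Admins")]`; the short cache TTL bounds how long a revoked role stays effective.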