I'm trying to integrate ServiceStack with an existing Web Forms site. The site uses Forms Authentication along with some custom authentication logic involving database calls, etc.
How can I secure ServiceStack calls using the same mechanism? Reading the docs, it seems I should write a custom auth provider that inherits from CredentialsAuthProvider to do the database check, etc. and add a request filter to apply the AuthenticateAttribute to each request. Do I also need to set the forms auth ticket, once authenticated, and check the ticket on each request? Where would I do those things?
Am I missing anything? Is there a better approach?
The integration between IIS and ASP.NET is unprecedented in IIS 7.0. This integration lets you protect all your content using ASP.NET's forms-based authentication. This cookie-based or cookieless authentication allows Web applications to be authenticated using credentials other than Windows.
Forms Authentication is a token-based system. When users log in, they receive a token with user information that is stored in an encrypted cookie. When a user requests an ASP.NET page via the browser, ASP.NET verifies whether the forms authentication token is available.
Examples of login and error pages are shown in Creating the Login Form and the Error Page. Form-based authentication is not particularly secure. In form-based authentication, the content of the user dialog box is sent as plain text, and the target server is not authenticated.
See the CustomAuthenticationMvc UseCase project for an example of integrating MVC Forms Authentication with ServiceStack's Auth Providers.
Specifically the AccountController.Login() method shows how to call ServiceStack from MVC:
    [HttpPost]
    [AllowAnonymous]
    [ValidateAntiForgeryToken]
    public ActionResult Login(LoginModel model, string returnUrl)
    {
        if (ModelState.IsValid)
        {
            try
            {
                // Resolve ServiceStack's AuthService and run the configured auth providers.
                var authService = AppHostBase.Instance.TryResolve<AuthService>();
                authService.RequestContext = CreateRequestContext();
                var response = authService.Authenticate(new Auth
                {
                    UserName = model.UserName,
                    Password = model.Password,
                    RememberMe = model.RememberMe
                });

                // Reached only when Authenticate() did not throw:
                // add ASP.NET auth cookie
                FormsAuthentication.SetAuthCookie(model.UserName, model.RememberMe);
                return RedirectToLocal(returnUrl);
            }
            catch (HttpError)
            {
                // Authenticate() throws HttpError on invalid credentials;
                // fall through and redisplay the form without issuing a cookie.
            }
        }

        // If we got this far, something failed, redisplay form
        ModelState.AddModelError("",
            "The user name or password provided is incorrect.");
        return View(model);
    }
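The custom provider the question describes, sketched as an added example that is not part of the original answer or the ServiceStack project. It assumes the ServiceStack v3-era namespaces that match the `Auth` DTO used above; `ILegacyUserStore`, `LegacyDbAuthProvider`, `GetOrders` and `OrdersService` are hypothetical names standing in for the site's existing database check and services.

```csharp
using Funq;
using ServiceStack.ServiceInterface;
using ServiceStack.ServiceInterface.Auth;
using ServiceStack.WebHost.Endpoints;

// Hypothetical wrapper around the Web Forms site's existing database credential check.
public interface ILegacyUserStore
{
    bool ValidateCredentials(string userName, string password);
}

// Reuses the site's own credential check inside ServiceStack's auth pipeline.
public class LegacyDbAuthProvider : CredentialsAuthProvider
{
    private readonly ILegacyUserStore users;

    public LegacyDbAuthProvider(ILegacyUserStore users) { this.users = users; }

    public override bool TryAuthenticate(IServiceBase authService, string userName, string password)
    {
        // Reject empty input before touching the database.
        if (string.IsNullOrEmpty(userName) || string.IsNullOrEmpty(password))
            return false;
        return users.ValidateCredentials(userName, password);
    }
}

public class GetOrders { }   // hypothetical request DTO

// [Authenticate] rejects callers that have no authenticated ServiceStack session.
[Authenticate]
public class OrdersService : Service
{
    public object Any(GetOrders request) { return new { Ok = true }; }
}

public class AppHost : AppHostBase
{
    public AppHost() : base("Legacy site services", typeof(AppHost).Assembly) { }

    public override void Configure(Container container)
    {
        // Assumes the application registered its ILegacyUserStore implementation earlier.
        var users = container.Resolve<ILegacyUserStore>();
        Plugins.Add(new AuthFeature(
            () => new AuthUserSession(),
            new IAuthProvider[] { new LegacyDbAuthProvider(users) }));
    }
}
```

With this provider registered, the `authService.Authenticate(...)` call in the login action above ends up running the same database check the Web Forms login uses, so the ServiceStack session and the forms auth cookie are issued from a single credential decision.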