Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Why does my ServiceStack AuthProvider never call Authenticate(), even when IsAuthorized() returns false?

Tags:

authentication

servicestack

I'm writing an AuthProvider for ServiceStack to authenticate against our own OAuth2 server, and having problems with the way ServiceStack interacts with my provider.

According to https://groups.google.com/d/msg/servicestack/e3kkh-qRDYs/DF9Y05ibl-MJ

There are generally 2 ways for extending, if you want to provide your own OAuth implementation you would sub class AuthProvider (or implement IAuthProvider) and override the Authenticate() method which holds the entire implementation of your service. The AuthService now has no real implementation of its own, it just checks the Auth Provider .IsAuthorized() method to see if the user is already authenticated, if not it calls the Authenticate() method. [my emphasis]

My entire auth provider right now looks like this:

using System;
using ServiceStack.ServiceInterface;
using ServiceStack.ServiceInterface.Auth;

namespace SpotAuth.ResourceServer.Services {
    public class SpotlightOAUthProvider : AuthProvider {
        public override bool IsAuthorized(IAuthSession session, IOAuthTokens tokens, Auth request = null) {
            return (false);
        }

        public override object Authenticate(IServiceBase authService, IAuthSession session, Auth request) {
            // A breakpoint on this line is never reached; the service just returns Unauthorized.
            throw new NotImplementedException();
        }
    }
}

Why is the Authenticate method never being called? The forum post linked above is nearly a year old but I can't find anything suggesting this behaviour has been deprecated.

like image 466
Dylan Beattie Avatar asked Aug 19 '13 10:08

Dylan Beattie

1 Answers

This answer probably comes a bit late, but I just stumbled upon your question now.

A few weeks before you asked your question, I tried to implement my own AuthProvider and had a similar problem:
How to get ServiceStack authentication to work? (with iPhone clients)
(near the bottom of the question, there's my MyBasicAuthProvider)

In the end I found out what I did wrong, and I think you made the same mistake as I did:
I needed to override TryAuthenticate instead of Authenticate.

As soon as I changed that, my provider worked.

like image 174
Christian Specht Avatar answered Sep 27 '22 16:09

Christian Specht
Sign in to Comment

Related questions

How to wrap my routes in an authentication directive that then gives visibility to a custom class for my routes to access
How to allow to use the master password in Laravel 8 by overriding Auth structure?
Differentiate between Windows Auth and Forms Auth users when authenticating against same AD with SharePoint 2010 using claims based authentication
How to propagate spring security login to EJBs?
Is it possible to set Apache Basic Authentication to lock a directory, except for one file?
Authorizing for Google ToDo List (AuthToken, secid)
LDAP user authentication across trusted domains
Can a Hacker gain access to my database if i've left the default authentication key value in place in my wp-config.php?
Linking several oauth accounts to a single user: what's considered safe practice and what's not?
IIS basic authentication using LDAP
Verify user through PayPal GetVerifiedStatus API
Not able to do authentication using client certificate in iPhone
Authentication for a web and mobile app over a RESTfull web service built on django
Use facebook authentication for browser extension [closed]
Spring security only for authorization. External authentication
Monitor a webpage behind authentication for a text
Rails authentication strategy for noob
Spring Security 3.2 Token Authentication

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!