3

I was reading this from their documentation which says:

Then you need to register your custom credentials auth provider:

  //Register all Authentication methods you want to enable for this web app.
  Plugins.Add(new AuthFeature(() => new AuthUserSession(),
      new IAuthProvider[] {
    new CustomCredentialsAuthProvider(), //HTML Form post of UserName/Password credentials
      }
  ));

My question is: Where do I put this? Also, what is meant by the comment, "HTML Form post of UserName/Password credentials?"

Currently, I have a ServiceStack service which returns JSON when called. I want to add an Authorize attribute above it so that only authorized users will be able to access it.

I have created a class as they suggest:

public class CustomCredentialsAuthProvider : CredentialsAuthProvider
{
    public override bool TryAuthenticate(IServiceBase authService, string userName, string password)
    {
        //Add here your custom auth logic (database calls etc)
        //Return true if credentials are valid, otherwise false
        return false;
    }

    public override void OnAuthenticated(IServiceBase authService, IAuthSession session, IOAuthTokens tokens, Dictionary<string, string> authInfo)
    {
        //Fill the IAuthSession with data which you want to retrieve in the app eg:
        session.FirstName = "some_firstname_from_db";
        //...

        //Important: You need to save the session!
        authService.SaveSession(session, SessionExpiry);
    }
}

How can I "register your custom credentials auth provider?"

user1477388
  • 20,790
  • 32
  • 144
  • 264

1 Answers1

4

You register your plugins within the Configure method of your AppHost. The comment was just used in the example that you pulled the code from to suggest that the CustomCredentialsAuthProvider would work with a HTTP POST from a form.

public class MyApphost : AppHostHttpListenerBase
{
    public MyApphost() : base("Service Name", typeof(MyApphost).Assembly) {}

    public override void Configure(Container container)
    {
        Plugins.Add(new AuthFeature(
            () => new AuthUserSession(),
            new IAuthProvider[] { new CustomCredentialsAuthProvider()}
        ));
    }
}
Mike
  • 1,837
  • 10
  • 9
  • Thanks, but when I use the `[Authenticate]` attribute atop my `public class LocationService : ServiceStack.ServiceInterface.Service`, it just says, "Handler for Request not found:" Is there something I am missing? – user1477388 Sep 20 '13 at 16:43
  • 1
    By default users are redirected to `~/login` when authentication fails. If you do not have something setup for this route you'll get that error. See [this question](http://stackoverflow.com/questions/13065289/when-servicestack-authentication-fails-do-not-redirect) for a bit more information. – Mike Sep 20 '13 at 16:50
  • I set `TryAuthenticate` to `return true` so should it let it through? (Thanks for the link, btw.) – user1477388 Sep 20 '13 at 16:54
  • Do I have to send an auhorization header or something? Not sure how to test this properly. – user1477388 Sep 20 '13 at 17:52