Comments (6)
I'll have to see if I can get a copy of VS.NET 2010 somewhere to see what the
new WCF REST mechanism is like to see if it isn't too ugly and supportable for
implementations outside of WCF.
I normally roll my own authentication/session scheme as it lets me have greater
control over the user's auth/session and lets me store it in any ICacheClient
of my choosing. I have an example of the approach I normally take in these
classes: http://bit.ly/bolwP2
In order to handle each request generically, I have an IService base class and
mark each RequestDTO I want to authenticate with a IRequiresUserSession which
is just an interface with a UserId/SessionId pair. The base class simply
detects if the Request DTO is an 'IRequiresUserSession' and if so validates
that it is a valid session. If it is, calls the sub classes IService
implementation otherwise throws an Auth Error.
I'll try to put an example of this in ServiceStack's Example project when I get
time this weekend to show you what I mean. Normally Auth is handled with
cookies but I always like to be explicit in my web services definition and have
always needed the UserId for all my authenticated requests. Also it's more
testable if the UserId/SessionId pair is decoupled from the Server's HTTP
Request and explicitly set on the DTO's.
Original comment by [email protected]
on 11 Oct 2010 at 3:28
from servicestack.
[deleted comment]
from servicestack.
I have resolved this issue by creating
public abstract class MyServiceBase<TRequest> : ServiceBase<TRequest>,
IRequiresRequestContext
and creating
protected override object Run(TRequest request)
{
if (Authorise())
return RunService(request);
else {}
}
and my bool Authorise does my required validation. I wondered if it might be
helpful to others if this was baked into the framework. The base implementation
could contain an overridable Authorise method that just returns true in the
base?
Original comment by LepardUK
on 12 Oct 2010 at 8:42
from servicestack.
Yeah, that looks like it will work, the base-class is in-line with the approach
to what I would do. I don't really like 'baking in' auth/session into the
framework since it proposes the use of a single implementation and IMHO
complicates it for everybody who wants to use an alternate scheme.
I much prefer to have 'extensions' project on the side like I'm doing with
ServiceStack.ServiceInterface so users can opt-in the extra functionality if it
suits them. I will look to provide a better auth/session story in there at some
stage.
Original comment by [email protected]
on 12 Oct 2010 at 8:56
from servicestack.
Hi LeparkUK,
Do you have a more complete example on how this worked for you?
Rui
Original comment by [email protected]
on 25 Mar 2011 at 12:50
from servicestack.
Sorry. Do to issues with service stack at the time (now resolved) I was unable
to progress any further with the framework at that time and due to time
constraints I had to continue without, so I no longer have my code.
Original comment by LepardUK
on 25 Mar 2011 at 12:55
from servicestack.
Related Issues (20)
- Serializing byte[] cannot be Deserialized.
- CreateTransaction failing HOT 1
- TypeInitializationException when a class have a property that return an XElement value
- TypeInitializationException when deserialiaze a string to a class that have a static property
- Priority of Web Sockets HOT 1
- How to Store values in session
- Implement Forms Authentication Using ServiceStack HOT 1
- OrmPostgreSQL HOT 1
- Supporting for redis ZCOUNT command
- WCF helper implementation
- Null reference exception on call to GetAll HOT 2
- Broken link on Project Home HOT 2
- DeSerialising dictionary with type Dictionary<Tuple<string,string>,double>>() does not work
- Wrong Encoding
- ServiceStack.Redis reading large files from Redis server
- ServiceStack.Redis.RedisResponseException
- Db number is fogotten when using pooled clients.
- SOAP request and response wrappers
- Tutorial references ServiceStackHttpHandlerFactory which isn't included in ServiceStack.dll
- Future roadmap suggestion
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from servicestack.