7

I am looking at the Rockstars example and ServiceStack.Razor.

How do I go about fitting authentication into, say, a secure.cshtml page, so I can redirect the user to Login.cshtml if required?

I only understand from the SocialBootstrapApi example that if I mix in the MVC hybrid, I can put [authenticate()] on the ServiceStackController to achieve that.

But what if I just want a pure SS project without .NET MVC?

Tom

1 Answer

7

The Authenticate attribute is just a plain ServiceStack Request Filter Attribute, i.e. it works in both MVC and ServiceStack.

Applying this filter will return a 401 UnAuthorized response for all non-HTML requests, e.g. if you called this with Ajax, you could detect this error response and do the redirect on the client.

From v3.9.23+ of ServiceStack the [Authenticate] attribute will automatically redirect all Authentication errors to the ~/login URL by default.

You can override this URL when you register the AuthFeature, e.g.:

Plugins.Add(new AuthFeature(...) { HtmlRedirect = "/path/to/my/login" });

This will apply globally to all [Authenticate] attributes, or you can override it on an ad hoc basis with:

[Authenticate(HtmlRedirect="/path/to/my/login")]

Note: Attributes are inheritable so you can add this once to a SecuredService class and all subclasses will inherit its behaviour.

Redirecting manually

To redirect an UnAuthorized HTML request manually you can do your own checking + redirection with:

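public object Secured(Request request) {
    // Not authenticated: send the browser to the login page
    if (!base.SessionAs<MyCustomSession>().IsAuthenticated)
        return new HttpResult(HttpStatusCode.Redirect, "Un Authorized") {
           Headers = { {"Location", "/path/to/login" } } };

    // Authenticated: run the normal service logic and return its response.
    return new SecuredResponse(); // SecuredResponse is a hypothetical placeholder DTO
}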

There is also a DRY wrapper around the above redirect which you can use instead:

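public object Secured(Request request) {
    // Not authenticated: send the browser to the login page
    if (!base.SessionAs<MyCustomSession>().IsAuthenticated)
        return HttpResult.Redirect("/path/to/login");

    // Authenticated: run the normal service logic and return its response.
    return new SecuredResponse(); // SecuredResponse is a hypothetical placeholder DTO
}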
mythz
  • Wow cool. Can't wait to try this out! Just curious before I start coding, what is the behaviour like when client-side Ajax is expecting a DTO from "public object Secured(Request request) {}" but it receives an HttpResult? Will the whole page be redirected to "path/to/login"? Does jqunback.js understand what we want it to do when receiving the HttpResult instead of a DTO? – Tom Sep 28 '12 at 14:36
  • 1
    The client never receives an HttpResult, you use the HttpResult in ServiceStack to provide a customized HTTP Response, e.g. in this case the client gets a Location redirect which tells the browser to navigate to the new url. – mythz Sep 28 '12 at 14:39
  • You have saved me again. Thanks heaps mythz :) – Tom Sep 28 '12 at 14:41
  • 1
    np :) BTW just updated the question to add the necessary HttpStatus code. – mythz Sep 28 '12 at 14:43
  • Updated to include new functionality on `[Authenticate(HtmlRedirect=...)]` attribute – mythz Oct 01 '12 at 09:35
  • How do I access the session in a Razor page of SS (not a service-related page, e.g. login)? Every time I access it, it throws "Only ASP.NET Requests accessible via Singletons are supported". Is it that the session is only for SS hosted using ASP.NET? So console apps? – Anton Hasan Oct 20 '12 at 18:56
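
The answer above says non-HTML (Ajax) callers get a 401 and have to do the redirect on the client. The following is an added example of that client-side handling, not code from the answer or from ServiceStack; `classifyResponse`, `callSecured` and the login path are assumed names, and the redirected-response check covers the manual `HttpResult.Redirect` case, which fetch follows silently.

```javascript
// Added example; function names and LOGIN_URL are assumptions, not ServiceStack APIs.
// LOGIN_URL mirrors the HtmlRedirect value configured on the server.
const LOGIN_URL = "/path/to/my/login";

// Decide what an Ajax caller should do with a response from a secured service.
function classifyResponse(res) {
  // Non-HTML requests rejected by [Authenticate] arrive as 401.
  if (res.status === 401) return { action: "login", url: LOGIN_URL };
  // A server-side Location redirect is followed silently by fetch/XHR, so the
  // caller would otherwise receive the login page's HTML instead of a DTO.
  if (res.redirected && new URL(res.url).pathname === LOGIN_URL) {
    return { action: "login", url: LOGIN_URL };
  }
  if (!res.ok) return { action: "error", reason: "HTTP " + res.status };
  const type = (res.headers.get("content-type") || "").toLowerCase();
  if (!type.includes("json")) {
    return { action: "error", reason: "unexpected content type" };
  }
  return { action: "data" };
}

// fetchImpl and navigate are injectable so the logic can run outside a browser.
async function callSecured(
  url,
  fetchImpl = fetch,
  navigate = (target) => window.location.assign(target)
) {
  const res = await fetchImpl(url, {
    headers: { Accept: "application/json" }, // ask for JSON, i.e. a non-HTML request
    credentials: "same-origin",              // send the session cookie
  });
  const verdict = classifyResponse(res);
  if (verdict.action === "login") {
    // Navigate only to the fixed login path, never to a URL taken from the response.
    navigate(verdict.url);
    return null;
  }
  if (verdict.action === "error") throw new Error(verdict.reason);
  return res.json();
}
```

Keeping the login path a constant on the client means a tampered or unexpected response cannot steer where the browser navigates.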