
I am using ServiceStack. I want to authenticate users differently based on the route in the API. For example: if the user is accessing a company route, /api/company (POST) (update to company data), I want to use the master keys stored in the super admin account (for example). But if the user is accessing some trivial data, say employee departments, then the authentication of that employee should be used. Route: /api/employees/74274762764/departments (GET)

So how do I do this if I am using Credentials Authentication (inheriting and implementing)?

Do I detect the paths and write logic? That will be very brittle. Theoretically I want to specify an attribute on services and provide the authentication needed. So something like:

[CorporateAuthentication] or [UserAuthentication] so the authentication logic can figure out where to validate the user.

Please help.

Thanks

Amit

Amit Jindal

1 Answer


Normally when you have resources with different levels of accessibility, you don't actually want to authenticate differently; instead you want the resources protected by varying roles or permissions that are attached to authenticated users.

There's an example of how to use these on ServiceStack's Authentication and authorization wiki page:

using ServiceStack; // the attributes live in ServiceStack.ServiceInterface on the v3 line

// The request must come from an authenticated session
[Authenticate]
// All HTTP (GET, POST...) methods need the "Admin" role and the "CanAccess" permission
[RequiredRole("Admin")]
[RequiredPermission("CanAccess")]
// PUT and POST additionally need "CanAdd"
[RequiredPermission(ApplyTo.Put | ApplyTo.Post, "CanAdd")]
// DELETE additionally needs both "AdminRights" and "CanDelete"
[RequiredPermission(ApplyTo.Delete, "AdminRights", "CanDelete")]
public class Secured
{
    public bool Test { get; set; }
}

This earlier StackOverflow Answer goes into detail of how Roles and Permissions work in ServiceStack.

mythz
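Applying the answer's approach to the two routes from the question, as an added example that is not part of the answer or of ServiceStack's own wiki code: a single credentials login produces one session, and the difference between the company route and the employee route is expressed as a role/permission requirement on the request DTO rather than as a second authentication scheme. The route paths are taken from the question; the DTO names, service names, role and permission names are assumptions.

```csharp
// Added example: role/permission attributes on the question's two routes.
// Route paths come from the question; every other name here is assumed.
using ServiceStack;

// POST /api/company: updating company data.
// Only an authenticated user who holds the "Admin" role AND the
// "CanUpdateCompany" permission gets past the attribute checks.
[Route("/api/company", "POST")]
[Authenticate]
[RequiredRole("Admin")]
[RequiredPermission(ApplyTo.Post, "CanUpdateCompany")]
public class UpdateCompany : IReturn<UpdateCompanyResponse>
{
    public string Name { get; set; }
}

public class UpdateCompanyResponse
{
    public string Name { get; set; }
}

// GET /api/employees/{EmployeeId}/departments: trivial read-only data.
// Any authenticated user may call it; no extra role is required.
[Route("/api/employees/{EmployeeId}/departments", "GET")]
[Authenticate]
public class GetEmployeeDepartments : IReturn<GetEmployeeDepartmentsResponse>
{
    public string EmployeeId { get; set; }
}

public class GetEmployeeDepartmentsResponse
{
    public string EmployeeId { get; set; }
    public string[] Departments { get; set; }
}

public class CompanyService : Service
{
    public object Post(UpdateCompany request)
    {
        // Reached only after [Authenticate], [RequiredRole] and
        // [RequiredPermission] have all passed for the caller's session;
        // the service body contains no authentication logic of its own.
        return new UpdateCompanyResponse { Name = request.Name };
    }
}

public class EmployeeService : Service
{
    public object Get(GetEmployeeDepartments request)
    {
        // Reached for any authenticated session.
        return new GetEmployeeDepartmentsResponse
        {
            EmployeeId = request.EmployeeId,
            Departments = new[] { "Engineering" } // constructed placeholder data
        };
    }
}
```

With this layout the credentials provider's TryAuthenticate stays a plain username/password check; which callers may hit /api/company is decided by the roles and permissions assigned to their user record, and a user without the "Admin" role receives a 403 from the attribute before the service method runs.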
  • I know this already. The scenario I am describing is for a condition where we have normal user authentication for most functions but for resetting user password or for certain special things we need a different password. – Amit Jindal Nov 03 '12 at 18:29
  • Can't you just supply an additional Password/ApiKey/Guid in the services that need it? – mythz Nov 03 '12 at 18:33
  • Well, right now it is coming to TryAuthenticate as username and password. What I am doing is if it fails user authentication, I check for master authentication. I would rather not do it. – Amit Jindal Nov 03 '12 at 19:40