4

I'm rather new to ServiceStack. I seem to be having trouble with 401 statuses being rewritten to 302. I was looking at this answer:

When ServiceStack authentication fails, do not redirect?

I see the suggested solution is to add the following:

Plugins.Add(new AuthFeature(...) { HtmlRedirect = null });

My question is, where precisely do I add this to get it to work? I've started to build something up based on examples on GitHub:

public class AppHost : AppHostBase
{
    public AppHost() : base("Custom Authentication Example", typeof(AppHost).Assembly) { }

    public override void Configure(Container container)
    {
        // register storage for user sessions 
        container.Register<ICacheClient>(new MemoryCacheClient());

        // add routes
        Routes.Add<HelloRequest>("/hello"); 

        // Register AuthFeature with custom user session and custom auth provider
        Plugins.Add(new AuthFeature(
            () => new CustomUserSession(),
            new[] { new CustomCredentialsAuthProvider() }
        ));

        // Enable the metadata page
        SetConfig(new EndpointHostConfig {
            EnableFeatures = Feature.All.Add(Feature.Metadata)
        });
    }
}

Thanks much

SeanH
  • Hi @SeanH, Can I ask you if it would be a security issue to leave the server to respond with a 302 instead of 401? What is the reason of this change? Thank you – MeV Dec 17 '15 at 12:28
  • 1
    @MaRco85 I don't think so. This is for a RESTful API, so using 302 to redirect to a login page was useless. Having said that, the server still won't grant you access to the requested resources, so it's safe in that sense. If your client gets an HTTP 401 back, you can be reasonably sure that there is an authentication issue and take steps to fix it. – SeanH Dec 17 '15 at 15:06
  • Exactly what I was thinking. Thank you very much for your explanation! :-) @SeanH – MeV Dec 17 '15 at 15:53

1 Answer

3

You're pretty much there.

public override void Configure(Container container)
{
    // HtmlRedirect = null goes in the object initializer, right after the AuthFeature constructor call
    Plugins.Add(new AuthFeature(
        () => new AuthUserSession(),
        new IAuthProvider[] { new BasicAuthProvider() }
    ) { HtmlRedirect = null });

    //... more config stuff...
}
Eric W.
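To confirm the setting took effect, here is an added example (not part of the original question or answer): a small C# console check that requests a protected route without credentials and reports the status exactly as the server sent it, with redirect following turned off so a 302 is not hidden by the client. The class name `AuthStatusCheck`, the URL, and the assumption that `/hello` requires authentication are all made up for illustration.

```csharp
using System;
using System.Net;

public static class AuthStatusCheck
{
    // Sends one unauthenticated GET and returns the status exactly as the server sent it.
    public static HttpStatusCode Probe(string url, out string location, out string challenge)
    {
        var req = (HttpWebRequest)WebRequest.Create(url);
        req.Accept = "text/html";       // ask for HTML, as a browser would
        req.AllowAutoRedirect = false;  // otherwise a 302 is followed and the login page's status is reported

        HttpWebResponse res;
        try { res = (HttpWebResponse)req.GetResponse(); }
        catch (WebException ex)
        {
            // 4xx/5xx responses are raised as WebException; the response is still attached to it
            res = ex.Response as HttpWebResponse;
            if (res == null) throw;     // connection-level failure, nothing to inspect
        }

        using (res)
        {
            location = res.Headers["Location"];
            challenge = res.Headers["WWW-Authenticate"];
            return res.StatusCode;
        }
    }

    public static int Main(string[] args)
    {
        // Assumed placeholder URL; pass the real protected route as the first argument.
        var url = args.Length > 0 ? args[0] : "http://localhost:8080/hello";
        string location, challenge;
        var status = Probe(url, out location, out challenge);
        var code = (int)status;

        if (status == HttpStatusCode.Unauthorized)
        {
            Console.WriteLine("OK: 401 returned (WWW-Authenticate: " + (challenge ?? "<none>") + ")");
            return 0;
        }
        if (code >= 300 && code < 400)
        {
            Console.WriteLine("Still redirecting: " + code + " -> " + (location ?? "<no Location header>"));
            return 1;
        }
        // A 200 here means the route answered without credentials, i.e. it is not protected at all.
        Console.WriteLine("Unexpected status for an unauthenticated request: " + code);
        return 2;
    }
}
```

The non-zero exit codes make this usable as a deployment smoke test, so a configuration change that brings the redirect back is caught before API clients start receiving login-page HTML.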