1

It looks like ServiceStack only accepts session-based authentication. I was reading through https://github.com/ServiceStack/ServiceStack/wiki/Authentication-and-authorization and I couldn't find anything describing how to do what I want.

I also looked at http://enehana.nohea.com/general/customizing-iauthprovider-for-servicestack-net-step-by-step/ but that also is session-based.

What I would like to do, is very similar to how WebAPI works with Individual User Accounts.

I want to send this to the API:

POST http://localhost:49436/Token HTTP/1.1
User-Agent: Fiddler
Host: localhost:49436
Content-Type: application/x-www-form-urlencoded
Content-Length: 55

grant_type=password&username=Alice&password=password123

Then, if the user is found in my custom authentication method, it returns this:

{
    "access_token":"boQtj0SCGz2GFGz[...]",
    "token_type":"bearer",
    "expires_in":1209599,
    "userName":"Alice",
    ".issued":"Mon, 14 Oct 2013 06:53:32 GMT",
    ".expires":"Mon, 28 Oct 2013 06:53:32 GMT"
}

Then, the client app can just send the access_token on subsequent requests by appending a value like this to the HTTP request:

Authorization: Bearer boQtj0SCGz2GFGz[...]

Is this possible in ServiceStack?

Edit: Implementation using .NET's WebAPI: http://www.asp.net/web-api/overview/security/individual-accounts-in-web-api

user1477388
  • 20,790
  • 32
  • 144
  • 264
  • Per the documentation, ServiceStack has support for OAuth. You can implement an OAuth server to provide the authorization. Take a look at DotNetOpenAuth and OWIN. Also see http://www.asp.net/aspnet/overview/owin-and-katana/owin-oauth-20-authorization-server. – JamieSee Sep 23 '14 at 20:31
  • This is a lot more involved than I was hoping for. Why would I need to create an OAuth server? Can't I just create a ServiceStack service to parse out the username and password and return and object with the access_token per the RFC? For example, using .NET's standard WebAPI, this is very easy. – user1477388 Sep 24 '14 at 13:36

0 Answers0