ServiceStack AutoQuery and [Authenticate] Attribute

Question

I'd like to enforce authentication on some auto querys.

[Authenticate]
public class BusinessEntitiesService : QueryDb<DataModel.dbo.BusinessEntity>
{
}

Here's my issue. The above class is in my ServiceModel project... in order to add the [Authenticate] attribute, I need to add a reference to ServiceStack.dll which I think can cause issues down the road (according to previous guidance to only reference ServiceStack.Interfaces in the ServiceModel). I can't add the above class to ServiceInterfaces because then I'd have to reference that everywhere I use the client.

I've also tried using a GlobalRequestFilter... but that appears to goof with the AdminFeature plugin:

    private bool IsAProtectedPath(string path)
    {
        return !path.StartsWith("/auth") && !path.StartsWith("/autoquery");
    }

        GlobalRequestFilters.Add((httpReq, httpResp, requestDto) =>
        {
            if(IsAProtectedPath(httpReq.PathInfo))
                new AuthenticateAttribute().Execute(httpReq, httpResp, requestDto);
        });

Not really sure how to best handle this.

score 2 · Accepted Answer · answered Jun 30 '16 at 18:54

In order to apply the [Authenticate] attribute to AutoQuery Services you would need to create a custom AutoQuery implementation and apply your Filter attributes on that, e.g:

[Authenticate]
public class MyProtectedAutoQueryServices : Service 
{
    public IAutoQueryDb AutoQuery { get; set; }

    public object Any(QueryBusinessEntity query) =>
        AutoQuery.Execute(query, AutoQuery.CreateQuery(query, Request));

    public object Any(QueryBusinessEntity2 query) =>
        AutoQuery.Execute(query, AutoQuery.CreateQuery(query, Request));
}

An alternative is to dynamically add attributes to your AutoQuery Request DTO, but these would need to be registered before Configure() is called, either before appHost.Init() or in your AppHost constructor, e.g:

public class AppHost : AppHostBase
{
    public AppHost()
    {
        typeof(QueryBusinessEntity)
            .AddAttributes(new AuthenticateAttribute());
    }
}

Is IAutoQueryDb supposed to be injected into Service? I'm getting a null exception on it.... using basically the same example from the link you provided. — Chris Klepeis, Jun 30 '16 at 19:24
@ChrisKlepeis Yeah `IAutoQueryDb` is registered in the IOC when you register the AutoQueryFeature, e.g `Plugins.Add(new AutoQueryFeature());` — mythz, Jun 30 '16 at 19:27

ServiceStack AutoQuery and [Authenticate] Attribute

1 Answers1