21

I started coding a LoginModule for Nancy, but it occurred to me that possibly I need to perform authentication a different way. Is there an accepted way of doing auth in Nancy? I am planning two projects right now: web and json service. I will need auth for both.

Byron Sommardahl
  • 12,743
  • 15
  • 74
  • 131
  • 1
    Not really sure what you're asking - what were you writing and what is "a different way"? Forms authentication and basic authentication are supported out of the box. – Steven Robbins Nov 16 '11 at 16:55
  • Well, for the website in Nancy, forms works great. For my json service, I have written my own authentication piece that checks an api key upon each request. – Byron Sommardahl Jun 20 '12 at 18:43

2 Answers2

24

As Steven writes Nancy supports basic and form auth out of the box. Have a look these two demo apps to see how to do each: https://github.com/NancyFx/Nancy/tree/master/samples/Nancy.Demo.Authentication.Forms and https://github.com/NancyFx/Nancy/tree/master/samples/Nancy.Demo.Authentication.Basic

From the second of those demos here is a module that requires auth:

namespace Nancy.Demo.Authentication.Forms
{
  using Nancy;
  using Nancy.Demo.Authentication.Forms.Models;
  using Nancy.Security;

  public class SecureModule : NancyModule
  {
    public SecureModule() : base("/secure")
    {
        this.RequiresAuthentication();

        Get["/"] = x => {
            var model = new UserModel(Context.CurrentUser.UserName);
            return View["secure.cshtml", model];
        };
    }
  }
}

and a bootstrapper snippet that sets up form auth in the request pipeline:

    protected override void RequestStartup(TinyIoCContainer requestContainer, IPipelines pipelines, NancyContext context)
    {
        // At request startup we modify the request pipelines to
        // include forms authentication - passing in our now request
        // scoped user name mapper.
        //
        // The pipelines passed in here are specific to this request,
        // so we can add/remove/update items in them as we please.
        var formsAuthConfiguration =
            new FormsAuthenticationConfiguration()
            {
                RedirectUrl = "~/login",
                UserMapper = requestContainer.Resolve<IUserMapper>(),
            };

        FormsAuthentication.Enable(pipelines, formsAuthConfiguration);
    }
Jamie Rees
  • 7,973
  • 2
  • 45
  • 83
Christian Horsdal
  • 4,914
  • 23
  • 24
  • 8
    This answer is spot on for a website that is powered by Nancy. For a service, there is still something missing from Nancy. I have submitted a pull request (https://github.com/NancyFx/Nancy/pull/650#issuecomment-6416528) containing a new StatelessAuthentication piece. That type of authentication rounds out Nancy (at least for me) as a really great web or service provider technology. – Byron Sommardahl Jun 20 '12 at 18:45
  • @ByronSommardahl I see your pull request is part of Nancy now. Nice! – Goran Obradovic Mar 11 '14 at 18:21
1

I created an example forms auth web application with user management with Nancy for my own learning. It's on Github here if you want to play with it.

https://github.com/GusBeare/Nancy-UserManager

Norbert Norbertson
  • 2,102
  • 1
  • 16
  • 28