ApiKey authentication and Message Queue

Hello,
I am trying to set a secure TestMqMessage service as the handler for a Redis Message Queue.
The Authentication is ApiKey

[Authenticate(ApiKeyAuthProvider.Name)]
public object Any(TestMqMessage request)
{ ... }

I do not have a SessionId available
I was hoping something like this would work (adding the Authorization header instead of a SessionId)
Do you have an idea how I can proceed?

var clientsManager = container.Resolve<IRedisClientsManager>();
var mqHost = new RedisMqServer(clientsManager, retryCount: 2);

mqHost.RegisterHandler<TestMqMessage>(m =>
{
   var req = new BasicRequest { Verb = HttpMethods.Post };
   req.Headers[Keywords.Authorization] = "Bearer " + m.GetBody().BearerToken;

   return ServiceStackHost.Instance.ServiceController.ExecuteMessage(m, req);
});

Please see Authenticated Requests via MQ docs, i.e. Request DTOs should implement IHasBearerToken.

Hello
Yes it does,

public class TestMqMessage: IReturn<TestMqMessageResponse>,  IHasBearerToken
{
    public string BearerToken { get; set; }
    //...
}

I have been looking at the docs, but it is asking to get the SessionId
It does not make sense for the Api Key authentication?
I do not have a Client publishing to the queue, the client is a Web Service from another server. I do not have a Session. I just have a BearerToken.
I think I do not understand the docs.

For the JWT, it seems you have a function to convert the JWT to a Session.
I understand your answer here using

var session = jwtAuth.ConvertJwtToSession(req, jwt);

In my case where do I find a Session?

req.Headers["X-ss-id"] = m.GetBody().SessionId;

API Key is a Bearer Token Auth Provider, so populating IHasBearerToken.BearerToken should work.

If you can debug into the library source code, put a breakpoint on this line to try to find out why it’s not Authenticating:

I managed to run a remote debugger

Object reference not set to an instance of an object.
ServiceStack.Auth.NetCoreIdentityAuthProvider.PreAuthenticateAsync(IRequest req, IResponse res)
in /ServiceStack/ServiceStack/ServiceStack/src/ServiceStack/Auth/NetCoreIdentityAuthProvider.cs:line 113

So the issue is not connected to the ApiKey Auth, but to another authentication

        public void Configure(IAppHost appHost)
        {
            var appSettings = appHost.AppSettings;
            appHost.Plugins.Add(new AuthFeature(() => new CustomUserSession(),
                new IAuthProvider[] {
                    new ApiKeyAuthProvider(appSettings),
                    new NetCoreIdentityAuthProvider(appSettings),
                    new CredentialsAuthProvider(appSettings),     
                })

Seems like the NetCoreIdentityAuthProvider is interfering.
I am using it only to be able to log in a Hangfire Dashboard and it is probably not correctly set-up

If I decorate my services with:

[Authenticate(ApiKeyAuthProvider.Name)]

It is working and not calling the NetCoreIdentityAuthProvider which is good enough for me.

thx for the StackTrace, the NRE should be resolved from the latest v6.4.1+ that’s now available on MyGet.

1 Like