ApiKeyAuthProvider PreAuthenticate override

stefandv · March 3, 2022, 8:18pm

Is there a way to override the PreAuthenticate method in ApiKeyAuthProvider?
Issue is that I use both API Key Provider and JWTBearerTokens.
I have both registered.
However, when I call with a JWT Token, it always passes the ApiKeyAuthProvider, doing a sql call to check of the bearer token is actually an API Key - of course not. So this is always an extra call.

So basically this code

        public void PreAuthenticate(IRequest req, IResponse res)
        {
            //The API Key is sent in the Basic Auth Username and Password is Empty
            var userPass = req.GetBasicAuthUserAndPassword();
            if (userPass != null && string.IsNullOrEmpty(userPass.Value.Value))
            {
                var apiKey = GetApiKey(req, userPass.Value.Key);
                PreAuthenticateWithApiKey(req, res, apiKey);
            }
            var bearerToken = req.GetBearerToken();
            if (bearerToken != null)
            {
                var apiKey = GetApiKey(req, bearerToken);
                if (apiKey != null)
                {
                    PreAuthenticateWithApiKey(req, res, apiKey);
                }
            }

Where the bearerToken is executed in the GetApiKey.

layoric · March 3, 2022, 11:28pm

Hi @stefandv,

What version of ServiceStack are you using? From 5.12+ this should be overridable with PreAuthenticateAsync being virtual.

stefandv · March 4, 2022, 9:00am

Ok thanks; we are using some minor versions before. Will investigate if we can upgrade soon.