Assign Roles and Permissions

benhaben · July 22, 2015, 6:22am

Hi
I find SS support Roles and Permission, and i know IUserAuthRepository has a method AssignRoles. But i do not know how to give permission to roles, or their do not have relation?

Could you give me a example to show how to use roles and permission, i know add attributes to dto like this [RequiredRole(“Admin”)], but i do not sure how to assign roles and add permission to one user.

benhaben · July 22, 2015, 6:31am

I find AssignRoles also assign permissions. so permissions and roles do not have relationship, they are just tow aspect of authentication.

public static void AssignRoles(this IAuthRepository UserAuthRepo, IUserAuth userAuth, ICollection<string> roles = null, ICollection<string> permissions = null)

balexandre · July 22, 2015, 7:42am

if you searching for a way to see how to use them, there’s a SS Test that you are able to see this better:

github.com

ServiceStack/ServiceStack/blob/master/tests/ServiceStack.WebHost.Endpoints.Tests/AuthTests.cs

using System;
using System.IO;
using System.Net;
using System.Threading;
using System.Threading.Tasks;
using System.Web;
using Funq;
using NUnit.Framework;
using ServiceStack.Auth;
using ServiceStack.Caching;
using ServiceStack.Common.Tests.ServiceClient.Web;
using ServiceStack.Data;
using ServiceStack.OrmLite;
using ServiceStack.Text;
using ServiceStack.Web;
using ServiceStack.WebHost.Endpoints.Tests.Support.Services;
using ServiceStack.WebHost.IntegrationTests.Services;
using System.Collections.Generic;

namespace ServiceStack.WebHost.Endpoints.Tests

This file has been truncated. show original

benhaben · July 23, 2015, 8:47am

I find WebSudoFeature in the test, what’s that. i can not find documents for that.

balexandre · July 23, 2015, 10:15am

It’s just a class name in a example, it can be whatever you want.

I would download the source code and go through it… the Test is actually a good way to start, but you can find all sort of godnesses in the code.

benhaben · July 23, 2015, 2:05pm

Thank you，WebSudoFeature maybe just a example for deriving IPlugin and IAuthEvents

public class WebSudoFeature : IPlugin, IAuthEvents
{
    public void Register(IAppHost appHost)
    {
        ...
        var authFeature = appHost.GetPlugin<AuthFeature>();
        authFeature.AuthEvents.Add(this);
    }

    // Add implementations of all `IAuthEvents` handlers
    public void OnCreated(IRequest httpReq, IAuthSession session) { ... }

}

mythz · July 23, 2015, 2:13pm

Here’s info In Web Sudo from the Release Notes:

Web Sudo

A common UX in some websites is to add an extra layer of protection for super protected functionality by getting users to re-confirm their password verifying it’s still them using the website, common in places like confirming a financial transaction.

WebSudo (by @tvjames) is a new feature similar in spirit requiring users to re-authenticate when accessing Services annotated with the [WebSudoRequired] attribute. To make use of WebSudo, first register the plugin:

Plugins.Add(new WebSudoFeature());

You can then apply WebSudo behavior to existing services by annotating them with [WebSudoRequired]:

[WebSudoRequired]
public class RequiresWebSudoService : Service
{
    public object Any(RequiresWebSudo request)
    {
        return request;
    }
}

Once enabled this will throw a 402 Web Sudo Required HTTP Error the first time the service is called:

var requiresWebSudo = new RequiresWebSudo { Name = "test" };
try
{
    client.Send<RequiresWebSudoResponse>(requiresWebSudo); //throws
}
catch (WebServiceException)
{
    client.Send(authRequest); //re-authenticate
    var response = client.Send(requiresWebSudo); //success!
}

Re-authenticating afterwards will allow access to the WebSudo service.

benhaben · July 23, 2015, 2:22pm

cool, get your point