Authentication for multiple API(s)

I have a problem for planing and develop our system using ServiceStack.
We have:

  1. Customer
  2. Agency
  3. Driver
    And multiple services have separated as indepedent api.
    I want to implement an authentication which when customer or agency login in each api then can you orther api(s). Maybe filter by [RequireRole] attribute.

Any idea?

You can derive you CustomAuthProvider from any of ServiceStack authentication providers for example, CredintialAuthProvider, override OnAuthenticated() and fill session.Roles inside it.

public class CustomAuthProvider : CredentialsAuthProvider
    public override IHttpResult OnAuthenticated(IServiceBase authService, 
        IAuthSession session, IAuthTokens tokens, 
        Dictionary<string, string> authInfo)
        //Fill the roles list with the values of this user
        session.Roles = GetRolesFromDatabase();

        return base.OnAuthenticated(authService, session, tokens, authInfo);

Then add [RequiredRole("Customer")] or [RequiredRole("Driver")] etc attributes to the DTO or services which require role for it.

public class GetAvailableDrivers
    public double Latitude { get; set; }

    public double Longitude { get; set; }

The service for this request will be allowed for using only for users with “Customer” role. If you want that service will be accessible by several roles, you can use [RequiresAnyRole("Driver", "Agency")] attribute.

Finally, you need to register you provider when registering AuthFeature

Plugins.Add(new AuthFeature(() => new AuthUserSession(),
    new IAuthProvider[] {
        new CustomAuthProvider()

Just a side note. It’s better to annotate service instead of DTO with [RequiredRole] attribute. In this case you will avoid dependency to ServiceStack.dll and keep your API clean from additional references.

public class TaxiService : Service
    public object Any(GetAvailableDrivers request)
        //return nearby drivers 

So, i want separate UserAuth table for each user type, it’s mean:

  1. Customer have UserAuth table on customer database server
  2. Agent have UserAuth table on agent database server
  3. Driver have UserAuth on driver database server
    Also, i have an API such as
    When a user (customer or agent or driver) authenticate with this API then will get information from 3 database and save session.
    I also try Muti OrmLiteAuthRepository but not working, error like can not connect to database.

Please advise?

There’s only 1 UserAuth type for all Users. The Multitenancy RDBMS AuthProvider lets you authenticate with different databases based on the incoming request. See the Multitenancy docs for different ways you can change the DB Connection used at runtime.

E.g. you’ll need to be able to determine what database you want ServiceStack to connect to by either inspecting the Authenticate DTO or incoming IRequest:

GlobalRequestFilters.Add((req, res, dto) => {
   var auth = dto as Authenticate;
   req.Items[Keywords.DbInfo] = new ConnectionInfo {
       NamedConnection = GetMyNamedConnection(auth, req),

But it’s up to you how you want to be able to determine which DB that should be used, e.g. maybe you want to pass in the User Type in the Authenticate.Meta property, or maybe just by adding it on the queryString you can check with req.QueryString.