Authentication for multiple API(s)

hoaihuongbk · April 18, 2017, 1:28pm

I have a problem for planing and develop our system using ServiceStack.
We have:

Customer
Agency
Driver
And multiple services have separated as indepedent api.
I want to implement an authentication which when customer or agency login in each api then can you orther api(s). Maybe filter by [RequireRole] attribute.

Any idea?

xplicit · April 18, 2017, 3:11pm

You can derive you CustomAuthProvider from any of ServiceStack authentication providers for example, CredintialAuthProvider, override OnAuthenticated() and fill session.Roles inside it.

public class CustomAuthProvider : CredentialsAuthProvider
{
    public override IHttpResult OnAuthenticated(IServiceBase authService, 
        IAuthSession session, IAuthTokens tokens, 
        Dictionary<string, string> authInfo)
    {
        //Fill the roles list with the values of this user
        session.Roles = GetRolesFromDatabase();

        return base.OnAuthenticated(authService, session, tokens, authInfo);
    }
}

Then add [RequiredRole("Customer")] or [RequiredRole("Driver")] etc attributes to the DTO or services which require role for it.

[RequiredRole("Customer")]
public class GetAvailableDrivers
{
    public double Latitude { get; set; }

    public double Longitude { get; set; }
}

The service for this request will be allowed for using only for users with “Customer” role. If you want that service will be accessible by several roles, you can use [RequiresAnyRole("Driver", "Agency")] attribute.

Finally, you need to register you provider when registering AuthFeature

Plugins.Add(new AuthFeature(() => new AuthUserSession(),
    new IAuthProvider[] {
        new CustomAuthProvider()
    }
));

xplicit · April 19, 2017, 7:50am

Just a side note. It’s better to annotate service instead of DTO with [RequiredRole] attribute. In this case you will avoid dependency to ServiceStack.dll and keep your API clean from additional references.

[RequiredRole("Customer")]
public class TaxiService : Service
{
    public object Any(GetAvailableDrivers request)
    {
        //return nearby drivers 
    }
}

hoaihuongbk · April 21, 2017, 2:54am

So, i want separate UserAuth table for each user type, it’s mean:

Customer have UserAuth table on customer database server
Agent have UserAuth table on agent database server
Driver have UserAuth on driver database server
Also, i have an API such as api.example.com
When a user (customer or agent or driver) authenticate with this API then will get information from 3 database and save session.
I also try Muti OrmLiteAuthRepository but not working, error like can not connect to database.

Please advise?

mythz · April 21, 2017, 3:28am

There’s only 1 UserAuth type for all Users. The Multitenancy RDBMS AuthProvider lets you authenticate with different databases based on the incoming request. See the Multitenancy docs for different ways you can change the DB Connection used at runtime.

E.g. you’ll need to be able to determine what database you want ServiceStack to connect to by either inspecting the Authenticate DTO or incoming IRequest:

GlobalRequestFilters.Add((req, res, dto) => {
   var auth = dto as Authenticate;
   req.Items[Keywords.DbInfo] = new ConnectionInfo {
       NamedConnection = GetMyNamedConnection(auth, req),
   };
});

But it’s up to you how you want to be able to determine which DB that should be used, e.g. maybe you want to pass in the User Type in the Authenticate.Meta property, or maybe just by adding it on the queryString you can check with req.QueryString.