Bruce Hunter - 492 - Feb 4, 2014

Case sensitive ? How do you turn this off or fix it?

auth/logout  <- (Works Lower)
auth/Logout <- (Fails Upper)

Bruce Hunter:

Also, Is it possible to only allow POST and GET verbs for the AuthFeature. I looked at the ServiceStack code:

             this.Routes.Add(reqAttr.RequestType, atRestPath, null);

null is being passed by default which sets All Verbs.

Bruce Hunter:

I have had no luck having the Html Feature On and disabling the HtmlRedirect to login.aspx. I just want Html to return HTTP/1.1 401 Unauthorized

I set the HtmlRedirect = null for the AuthFeature during configuration and the    [Authenticate(HtmlRedirect = null)] attribute on the Service and it still redirects.

If I set the AuthFeature.HtmlRedirect = “”, at least it doesn’t redirect, but I get a 302, not a 401. 

Not sure what i’m doing wrong.

The provider value (i.e. logout) is case-sensitive, I guess I could make it ignore case. Based on the impl, the AuthService already only accepts Get/Post: https://github.com/ServiceStack/ServiceStack/blob/master/src/ServiceStack/Auth/AuthenticateService.cs#L79-L84

Are you talking about Credentials (i.e. UserName/Password) Auth? Does it redirect to the login page? The other OAuth providers have to redirect based as part of its core auth process. 

If this applies to Credentials auth, can I see the raw HTTP Request + Response headers with the request that redirects?

Bruce Hunter:

it would be great if it wasn’t case sensitive for logout. The metadata page for Auth specifies “All Verbs”. If you create your own operation and set the routes to “Post, GET”. Then that’s what you see only for that operation on the metadata page. “All Verbs” makes me think of more then just “Post, GET”.

Also, I decided to turn off the HTML feature as it redirects to login when I don’t want it too. Wanted it to stay on the route it was on.

Bruce Hunter:

To answer your question about the Auth redirect to login.aspx.

My service has the     [Authenticate] attribute set on the Service class I’ve created. If the Html feature is on and I open a browser and type in a Operation that I’ve created for example /myservice/GetDogs

Then it will redirect to login.aspx. I just want it to return Html or just a 401 like it should without redirecting.

The data you wanted from Fiddler.

GET http://localhost:3333/Service/GetCars/New HTTP/1.1
Host: localhost:3333
Connection: keep-alive
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/;q=0.8
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.57 Safari/537.36
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Cookie: CSS=name=small-font.css; ss-pid=xyR1t5iLTw3H7traAzVy; 881D0C212B0E443A9BD6C026493B4DB2=55cc4wu35gyvfb0qv02h1sxf; ss-id=GZuJgfdbKNxDqWBtjx7g

HTTP/1.1 302 Found
Server: ASP.NET Development Server/11.0.0.0
Date: Wed, 05 Feb 2014 14:17:47 GMT
Location: http://localhost:3333/login?redirect=http%3a%2f%2flocalhost%3a3333%2fGetCars%2fNew
Cache-Control
: private
Content-Length: 0
Connection: Close

Then it redirects right away

GET http://localhost:3333/login?redirect=http%3a%2f%2flocalhost%3a3333%2fGetCars%2fNew HTTP/1.1
Host: localhost:3333
Connection: keep-alive
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/;q=0.8
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.57 Safari/537.36
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Cookie: CSS=name=small-font.css; ss-pid=xyR1t5iLTw3H7traAzVy; 881D0C212B0E443A9BD6C026493B4DB2=55cc4wu35gyvfb0qv02h1sxf; ss-id=GZuJgfdbKNxDqWBtjx7g

HTTP/1.1 404 Not Found
Server: ASP.NET Development Server/11.0.0.0
Date: Wed, 05 Feb 2014 14:17:47 GMT
Content-Length: 1219
Content-type: text/html;charset=utf-8
Connection: Close

404 HTML Content Here - removed as it’s too long

Did you set HtmlRedirect to null when registering the AuthFeature? e.g:

Plugins.Add(new AuthFeature(…) { HtmlRedirect = null });

Bruce Hunter:

It must have been a late night and was cross-eyed. That resolved my issue.

I thought I had set the Property, but was setting the AuthFeature parameter as null, which is the default.

My code for others to read.

                Func<string,string> localize = HostContext.ResolveLocalizedString;

                var authFeature = new AuthFeature(() => new CustomUserSession(), new IAuthProvider[] { new CustomCredentialsAuthProvider(appSettings) })
                {
                    IncludeAssignRoleServices = false,
                    IncludeRegistrationService = false,
                    // This is a way to remove the /Auth route and leave /Authorize instead. We don’t need 2
                    ServiceRoutes = new Dictionary<Type, string[]> {{ typeof(AuthenticateService), new[] { “/” + localize(LocalizedStrings.Authenticate), “/” + localize(LocalizedStrings.Authenticate) + “/{provider}” }}},
                    HtmlRedirect = null
                };

                Plugins.Add(authFeature);

Thanks for taking time to answer my question. ServiceStack Rocks!

ok awesome, glad its resolved!