Fredrick Lackey - 243 - Aug 11, 2014

Recently inherited a bloated product with lots of separated web services and web apps… endpoint URLs stored in the DB, session IDs being passed around in query strings, etc. (single auth web service & app … none of the other web apps / services have any auth logic). The client also has a goal of extending their auth logic from credentials only to credentials + social media. I would love to replace their centralized authentication web service with ServiceStack. Do any similar examples of this exist? Any words of wisdom? Am I just too in love with SS?

HttpBenchmarks is an example of supporting both credentials + Social OAuth signups: https://httpbenchmarks.servicestack.net/ The section on authentication walks through setting it up: https://github.com/ServiceStack/HttpBenchmarks#authentication

Fredrick Lackey:

Yeah, I found HttpBenchmarks. I was more concerned about the fact that no auth logic exists in any of the services or apps… with the one service passing around some custom UID. Was hoping SS could be used to clean this up.

HttpBenchmarks shows how you can use if (IsAuthenticated) {} to render different content for anon/auth users: 
https://github.com/ServiceStack/HttpBenchmarks/blob/master/src/BenchmarksAnalyzer/default.cshtml#L1 
How you can use RedirectIfNotAuthenticated(); to protect auth-only pages:
https://github.com/ServiceStack/HttpBenchmarks/blob/master/src/BenchmarksAnalyzer/Views/EditTestPlan.cshtml#L3
How admin Services are protected with the Admin role:
https://github.com/ServiceStack/HttpBenchmarks/blob/master/src/BenchmarksAnalyzer.ServiceInterface/AdminServices.cs#L10
and how Authenticated Services can only be accessed by authenticated users:
https://github.com/ServiceStack/HttpBenchmarks/blob/master/src/BenchmarksAnalyzer.ServiceInterface/AuthenticatedServices.cs#L14-L15 
where GetSignedInUserId() is used to get the current id of the signed in user.
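
The pieces discussed in this thread, combined in one sketch (an added example, not code from the thread or from HttpBenchmarks): credentials and OAuth providers registered in a single AuthFeature, one service protected with [Authenticate] and one with [RequiredRole]. The DTOs, routes, OrderStore and its sample data are hypothetical and constructed for illustration; the user id is read from the server-side session with GetSession() rather than from a query-string value.

```csharp
using System.Collections.Generic;
using Funq;
using ServiceStack;
using ServiceStack.Auth;
using ServiceStack.Configuration;

public class AppHost : AppHostBase
{
    public AppHost() : base("Central Auth (example)", typeof(AppHost).Assembly) {}
    public override void Configure(Container container)
    {
        var appSettings = new AppSettings(); // OAuth keys are read from <appSettings>
        // Credentials plus social sign-in behind one session model
        Plugins.Add(new AuthFeature(() => new AuthUserSession(),
            new IAuthProvider[] {
                new CredentialsAuthProvider(),
                new TwitterAuthProvider(appSettings),
                new FacebookAuthProvider(appSettings),
            }));
        container.Register<IAuthRepository>(new InMemoryAuthRepository());
    }
}

// Hypothetical DTOs: GetOrders has no user id field for a caller to supply
[Route("/orders")]
public class GetOrders : IReturn<List<string>> {}
[Route("/admin/orders/{UserId}")]
public class GetOrdersForUser : IReturn<List<string>> { public string UserId { get; set; } }

public static class OrderStore // constructed sample data
{
    static readonly Dictionary<string, List<string>> ByUser =
        new Dictionary<string, List<string>> { { "1", new List<string> { "order-1001" } } };
    public static List<string> For(string userId)
    {
        List<string> orders;
        return userId != null && ByUser.TryGetValue(userId, out orders) ? orders : new List<string>();
    }
}

[Authenticate] // anonymous requests are rejected; identity comes from the session
public class OrderServices : Service
{
    public object Get(GetOrders request) { return OrderStore.For(GetSession().UserAuthId); }
}

[RequiredRole("Admin")] // only sessions holding the Admin role may name another user
public class AdminOrderServices : Service
{
    public object Get(GetOrdersForUser request) { return OrderStore.For(request.UserId); }
}
```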