We have to host a ServiceStack application version 5.9 built on .net framework 4.8 in IIS using ASP.NET (no .net core, no Kestrel).
Our goal is taking advantage of Windows integrated authentication and impersonation features of IIS, using them as SSO.
The ServiceStack application hosts services shared with another application where users authentication is made by credetilals provided by a web form, using the AuthorizeAttribute of ServiceStack.
We created a class inherited from AppHostBase, calling its Init method in Application_Start of our System.Web.HttpApplication (cassic Global.asax.cs style).
- we created and plugged in a fake servicestack authorization provider to by pass the direct authorization by application;
- we used SessionFeature to manage user sessions, caching them by redis cache clients;
- we populate and then save sessions about the authenticated user available in the http context, reaching him through the http request inside a callback registered in the collection GlobalRequestFilters of the application host class.
All it works, but (obviously) everything done in void Configure(Container funqContainer) and all
servicestack application initialization task repeats every request.
Is our solution right?
If not, what is the right way to host a servicestack application in iis using ASP.NET and .net classic framework minimizing the initialization effort?