Split Authentication Providers

Lets say my AppHost has two services: ServiceA and ServiceB.

The operations on ServiceA use BasicAuthProvider and the operations of ServiceB use JWTAuthProvider.

Is it possible to configure the AuthFeature in the single AppHost to do that?

Or are we looking at creating separate AppHosts (one for ServiceA and one for ServiceB) with differently configured AuthFeature and AuthProviders?

Or should I be looking at stacking up the different AuthProviders in same AuthFeature in the same AppHost, and expect one of the AuthProviders to authenticate?

Every AuthProvider registered controls how Users can Authenticate, but once they’re Authenticated an Authenticated Users Session is established which can access any Service annotated with [Authenticate] attribute. In order to further validate that a specific Auth Provider was used for each service you’d need to validate that yourself. If you’ve just registered Basic Auth and JWT Auth Provider than you can check for session.FromToken to determine whether or not the User was authenticated using JWT.

But this type of validation is unusual, if a User is authenticated it shouldn’t matter how, so it sounds like you want 2 different ServiceStack instances in order to limit the Authentication options available for each instance. Since you can only have 1 AppHost in each .NET AppDomain, you’d need 2 different ServiceStack instances to configure 2 different AppHosts.