Using auth with ormlite

Hi,
I am migrating my code also to use ServiceStack security.
In the old code I have a login method string Login(userName, password); to read the user details from the database and to generate a token using JwtSecurityTokenHandler.CreateToken.

I have added this:

    Plugins.Add(new AuthFeature(() => new AuthUserSession(),
        new IAuthProvider[] {
            new JwtAuthProviderReader(AppSettings) {
                HashAlgorithm = "RS256",
                PublicKeyXml = publicXml
            },
        })
    );

Now I need a way to authenticate with my database and generate a token and combine the Role with the authentication.
Also to register a new user with password hashing.

Can I get an example of how to implement that kind of use-case?
Thanks.

Please read the JWT Auth Provider and Authentication and Authorization docs thoroughly to learn about how ServiceStack Auth works.

The JWT Auth Provider only allows authentication via JWT. If you need to allow alternative authentication methods you’ll need to register an additional Auth Provider, e.g. for Username/Password you’ll need to use a Credentials Auth Provider. However, that relies on using an Auth Repository, which you can’t do if you need to authenticate with existing User/Auth tables, where you’ll instead need to implement a Custom Auth Provider, which will also need to be registered in the AuthFeature, e.g.:

    Plugins.Add(new AuthFeature(() => new AuthUserSession(),
        new IAuthProvider[] {
            new MyCustomCredentialsAuthProvider(AppSettings),
            new JwtAuthProvider(AppSettings) {
                HashAlgorithm = "RS256",
                PrivateKeyXml = AppSettings.GetString("PrivateKeyXml"),
            },
        })
    );

If implemented correctly you’ll be able to use the APIs for authenticating via JWT that are documented in the JWT docs.

Ok. Thanks.
I was able to register a user in the database using OrmLiteAuthRepository.

    Plugins.Add(new AuthFeature(() => new AuthUserSession(),
        new IAuthProvider[] {
            new JwtAuthProviderReader(AppSettings) {
                AuthKey = AesUtils.CreateKey(),
                HashAlgorithm = "RS256",
                PublicKeyXml = publicXml
            },
            new CredentialsAuthProvider(),
            new CustomJwtAuthProvider { AuthKey = AesUtils.CreateKey() }
        })
    );

When I try to login I send a request to:
/auth/credentials
with the data:

    {
        "userName": "admin",
        "password": "1qaz2wsx"
    }

I am getting back the result:

    {
        "userId": "1",
        "sessionId": "PMbAJYmOs9W5Xh2LCOPA",
        "userName": "admin",
        "displayName": "John Doe",
        "profileUrl": "data:image/svg+xml,%3Csvg width='100' height='100' viewBox='0 0 100 100' xmlns='http://www.w3.org/2000/svg'%3E %3Cstyle%3E .path%7B%7....",
        "roles": [],
        "permissions": [],
        "responseStatus": {}
    }

I am expecting to get back the token so I can join it as Bearer in the next request. I don’t think session id can be sent as a Bearer…
Thanks

If you’re not authenticating over https you’ll need to disable RequireSecureConnection.

Don’t register 2 JWT Auth Providers, use either ServiceStack’s built-in or your CustomJwtAuthProvider.

I have fixed that:

    Plugins.Add(new AuthFeature(() => new AuthUserSession(),
        new IAuthProvider[] {
            new JwtAuthProviderReader(AppSettings) {
                AuthKey = AesUtils.CreateKey(),
                HashAlgorithm = "RS256",
                PublicKeyXml = publicXml,
                RequireSecureConnection = false
            },
            new CredentialsAuthProvider(),
        })
    );

Still I don’t get back the JWT token.
Thanks again for your time!

A JwtAuthProviderReader can’t generate or issue new JWT Tokens, it can only “read” them.

If you want to use RS256 encryption you’ll need to register your Private Key so it can sign or encrypt JWTs, not just decrypt them, and you’ll need to configure a JwtAuthProvider instead, e.g.:

    new JwtAuthProvider(AppSettings) {
        HashAlgorithm = "RS256",
        PrivateKeyXml = AppSettings.GetString("PrivateKeyXml")
    }

If you’re using RS256 you’re not using the Asymmetric AuthKey so it shouldn’t be configured to reduce confusion.
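
Why a provider holding only PublicKeyXml can read tokens but not issue them, as an added example that is not part of the thread and not ServiceStack's code: it signs and verifies an RS256 token with .NET's own RSA class, then shows that the public key alone cannot sign. The names Rs256Demo, Issue and Verify and the key pair are constructed for illustration, and ToXmlString/FromXmlString are assumed to run on .NET Framework or .NET Core 3.0 and later.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;
// Hypothetical demo class: not ServiceStack code, only the .NET RSA primitives.
static class Rs256Demo
{
    static string B64Url(byte[] b) =>
        Convert.ToBase64String(b).TrimEnd('=').Replace('+', '-').Replace('/', '_');
    static byte[] FromB64Url(string s)
    {
        s = s.Replace('-', '+').Replace('_', '/');
        return Convert.FromBase64String(s.PadRight(s.Length + (4 - s.Length % 4) % 4, '='));
    }

    // Issuing needs the private key parameters (the PrivateKeyXml side).
    static string Issue(string keyXml, string payloadJson)
    {
        using var rsa = RSA.Create();
        rsa.FromXmlString(keyXml);
        string input = B64Url(Encoding.UTF8.GetBytes("{\"alg\":\"RS256\",\"typ\":\"JWT\"}"))
                     + "." + B64Url(Encoding.UTF8.GetBytes(payloadJson));
        byte[] sig = rsa.SignData(Encoding.ASCII.GetBytes(input),
                                  HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
        return input + "." + B64Url(sig);
    }

    // Verifying needs only the public parameters (the PublicKeyXml side).
    // Signature check only; a real validator also checks alg, exp and audience.
    static bool Verify(string publicKeyXml, string jwt)
    {
        string[] p = jwt.Split('.');
        if (p.Length != 3) return false;
        using var rsa = RSA.Create();
        rsa.FromXmlString(publicKeyXml);
        return rsa.VerifyData(Encoding.ASCII.GetBytes(p[0] + "." + p[1]), FromB64Url(p[2]),
                              HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
    }

    static void Main()
    {
        using var pair = RSA.Create(2048);           // constructed throwaway key pair
        string privateXml = pair.ToXmlString(true);  // includes private parameters
        string publicXml = pair.ToXmlString(false);  // public parameters only
        string jwt = Issue(privateXml, "{\"sub\":\"1\",\"roles\":[\"Admin\"]}");
        Console.WriteLine($"verified with public key: {Verify(publicXml, jwt)}");
        try { Issue(publicXml, "{\"sub\":\"1\"}"); }
        catch (CryptographicException) { Console.WriteLine("public key alone cannot sign"); }
    }
}
```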

Working perfect!
Thanks
