Hi,
I am migrating my code also to use ServiceStack security.
In the old code I have a login method string Login(userName, password); to read the user details from the database and to generate a token using JwtSecurityTokenHandler.CreateToken.
I have added this:
    Plugins.Add(new AuthFeature(() => new AuthUserSession(),
        new IAuthProvider[] {
            new JwtAuthProviderReader(AppSettings) {
                HashAlgorithm = "RS256",
                PublicKeyXml = publicXml
            },
        })
    );
Now I need a way to authenticate with my database and generate a token and combine the Role with the authentication.
Also to register a new user with password hashing.
Can I get an example of how to implement that kind of use-case?
Thanks.
The JWT Auth Provider only allows authentication via JWT. If you need to allow alternative authentication methods you’ll need to register an additional Auth Provider, e.g. for Username/Password you’ll need to use a Credentials Auth Provider. However, that relies on using an Auth Repository, which you can’t do if you need to authenticate with existing User/Auth tables, where you’ll instead need to implement a Custom Auth Provider, which will also need to be registered in the AuthFeature, e.g.:
    Plugins.Add(new AuthFeature(() => new AuthUserSession(),
        new IAuthProvider[] {
            new MyCustomCredentialsAuthProvider(AppSettings),
            new JwtAuthProvider(AppSettings) {
                HashAlgorithm = "RS256",
                PrivateKeyXml = AppSettings.GetString("PrivateKeyXml"),
            },
        })
    );
If implemented correctly you’ll be able to use the APIs for authenticating via JWT that are documented in the JWT docs.
If you want to use RS256 encryption you’ll need to register your Private Key so it can sign or encrypt JWTs, not just decrypt them, and you’ll need to configure a JwtAuthProvider instead, e.g.:
    new JwtAuthProvider(AppSettings) {
        HashAlgorithm = "RS256",
        PrivateKeyXml = AppSettings.GetString("PrivateKeyXml")
    }
If you’re using RS256 you’re not using the Asymmetric AuthKey so it shouldn’t be configured to reduce confusion.
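As an added example (not code from either post or from ServiceStack itself), here is one way the custom provider registered above could verify passwords against an existing user table, hash passwords at registration, and copy the user's roles onto the session. `IUserStore`, `UserRow` and `Pbkdf2` are hypothetical names, the iteration count is an assumed setting, the static PBKDF2 helpers assume .NET 6 or later, and the synchronous `TryAuthenticate`/`OnAuthenticated` overrides assume a ServiceStack version that exposes them on `CredentialsAuthProvider`.

```csharp
using System.Collections.Generic;
using System.Security.Cryptography;
using ServiceStack;
using ServiceStack.Auth;
using ServiceStack.Configuration;
using ServiceStack.Web;

// Hypothetical row from the existing user table (not a ServiceStack type).
public class UserRow { public string UserName; public byte[] Salt; public byte[] Hash; public List<string> Roles; }
// Hypothetical lookup over the existing database, registered in the IOC; returns null if not found.
public interface IUserStore { UserRow Find(string userName); }

public static class Pbkdf2
{
    const int Iterations = 600_000, SaltLen = 16, HashLen = 32; // assumed work factor and sizes

    // Registration: persist the returned salt and hash, never the password itself.
    public static (byte[] Salt, byte[] Hash) Create(string password)
    {
        var salt = RandomNumberGenerator.GetBytes(SaltLen);
        return (salt, Derive(password, salt));
    }

    // Login: re-derive with the stored salt and compare in constant time.
    public static bool Verify(string password, byte[] salt, byte[] expected) =>
        CryptographicOperations.FixedTimeEquals(Derive(password, salt), expected);

    static byte[] Derive(string password, byte[] salt) =>
        Rfc2898DeriveBytes.Pbkdf2(password, salt, Iterations, HashAlgorithmName.SHA256, HashLen);
}

public class MyCustomCredentialsAuthProvider : CredentialsAuthProvider
{
    public MyCustomCredentialsAuthProvider(IAppSettings appSettings) : base(appSettings) {}

    public override bool TryAuthenticate(IServiceBase authService, string userName, string password)
    {
        var user = authService.TryResolve<IUserStore>().Find(userName);
        // Unknown user: still run the derivation so response time does not reveal which names exist.
        if (user == null) { Pbkdf2.Verify(password, new byte[16], new byte[32]); return false; }
        return Pbkdf2.Verify(password, user.Salt, user.Hash);
    }

    public override IHttpResult OnAuthenticated(IServiceBase authService, IAuthSession session,
        IAuthTokens tokens, Dictionary<string, string> authInfo)
    {
        // Copy roles from the existing table onto the session before it is saved.
        session.Roles = authService.TryResolve<IUserStore>().Find(session.UserAuthName).Roles;
        return base.OnAuthenticated(authService, session, tokens, authInfo);
    }
}
```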