ServiceStack: Authenticate each request using headers in the HTTP request

asked7 years ago
last updated6 years ago
viewed59 times
Up Vote1Down Vote

I have have read other posts on the same topic, but I haven't really gotten a clear picture of how to best solve this:

I have a webservice, that is "stateless" when it comes to the authentication/session, meaning that the client will send two strings with every request (in the HTTP header), AuthToken and DeviceUUID.

These two strings are then compared to the storage, and if found, we know which user it is.

1)

Id like to use the [Authenticate] attribute for each service that I want to protect, and then a method should be executed where I check the two strings.

2)

If I add the [RequiredRole], a method should also be executed, where I have access to the HTTP headers (the two strings), so I can do my lookup.

I am unsure of how to do this in the easiest and cleanest manner possible. I do not want to create ServiceStack Session objects etc, I just want a method that, for each decorated services, runs a method to check authenticated state.

web-servicesauthenticationservicestack
edited
from the blog
Generating the PvQ Leaderboard
Getting Help in the Age of LLMs