2

I'd like to enforce authentication on some auto querys.

[Authenticate]
public class BusinessEntitiesService : QueryDb<DataModel.dbo.BusinessEntity>
{
}

Here's my issue. The above class is in my ServiceModel project... in order to add the [Authenticate] attribute, I need to add a reference to ServiceStack.dll which I think can cause issues down the road (according to previous guidance to only reference ServiceStack.Interfaces in the ServiceModel). I can't add the above class to ServiceInterfaces because then I'd have to reference that everywhere I use the client.

I've also tried using a GlobalRequestFilter... but that appears to goof with the AdminFeature plugin:

    private bool IsAProtectedPath(string path)
    {
        return !path.StartsWith("/auth") && !path.StartsWith("/autoquery");
    }

        GlobalRequestFilters.Add((httpReq, httpResp, requestDto) =>
        {
            if(IsAProtectedPath(httpReq.PathInfo))
                new AuthenticateAttribute().Execute(httpReq, httpResp, requestDto);
        });

enter image description here

Not really sure how to best handle this.

4

1 回答 1

2

为了将该[Authenticate]属性应用于 AutoQuery Services,您需要创建一个自定义 AutoQuery 实现并在其上应用您的 Filter 属性,例如:

[Authenticate]
public class MyProtectedAutoQueryServices : Service 
{
    public IAutoQueryDb AutoQuery { get; set; }

    public object Any(QueryBusinessEntity query) =>
        AutoQuery.Execute(query, AutoQuery.CreateQuery(query, Request));

    public object Any(QueryBusinessEntity2 query) =>
        AutoQuery.Execute(query, AutoQuery.CreateQuery(query, Request));
}

另一种方法是动态地将属性添加到您的 AutoQuery Request DTO,但这些需要在Configure()调用之前注册,无论是在 AppHost 构造函数之前appHost.Init()还是在您的 AppHost 构造函数中,例如:

public class AppHost : AppHostBase
{
    public AppHost()
    {
        typeof(QueryBusinessEntity)
            .AddAttributes(new AuthenticateAttribute());
    }
}
于 2016-06-30T18:54:01.463 回答