| name | servicestack-authentication |
| description | Implements authentication using ServiceStack Auth Providers and session handling. |
ServiceStack Authentication
ServiceStack provides a robust authentication system that supports multiple providers (Credentials, JWT, OAuth, etc.).
Configuration
Authentication is enabled by registering the AuthFeature in AppHost.Configure.
Plugins.Add(new AuthFeature(() => new AuthUserSession(),
new IAuthProvider[] {
new CredentialsAuthProvider(),
new JwtAuthProvider(AppSettings) { ... }
}));
Auth Repository
A persistence layer (IAuthRepository) is required to store user accounts.
container.Register<IAuthRepository>(c =>
new OrmLiteAuthRepository(c.Resolve<IDbConnectionFactory>()));
Protecting Services
Apply the [Authenticate] attribute to Service classes or Request DTOs.
[Authenticate]
public class MySecureRequest : IReturn<MyResponse> { ... }
Accessing Session Data
Inside a Service, use GetSession() or the SessionBag.
var session = GetSession();
var userId = session.UserAuthId;
Best Practices
- Discrete Sessions: Use a custom
AuthUserSession if you need to store additional data in the user session.
- Secure by Default: Consider applying authentication globally for certain assemblies or routes if appropriate.
- Identity V8: Note that ServiceStack v8 now leverages ASP.NET Core Identity by default for new projects, which integrates with existing ASP.NET Core security patterns.
- JWT for Statelessness: Prefer JWT for distributed or stateless API architectures.