원클릭으로
servicestack-authorization
Applies role-, permission-, and ownership-based authorization using ServiceStack idioms.
Codex 또는 Claude로 설치 이 Prompt를 복사해 Codex, Claude 또는 다른 어시스턴트에 붙여 넣으면 Skill 페이지를 검토하고 설치를 진행할 수 있습니다.
메뉴
Applies role-, permission-, and ownership-based authorization using ServiceStack idioms.
Codex 또는 Claude로 설치 이 Prompt를 복사해 Codex, Claude 또는 다른 어시스턴트에 붙여 넣으면 Skill 페이지를 검토하고 설치를 진행할 수 있습니다.
SOC 직업 분류 기준
Designs stable, discoverable APIs using routes, metadata, and versioning conventions.
Implements authentication using ServiceStack Auth Providers and session handling.
Implements AutoQuery services, custom filters, and permission-aware querying.
Designs request/response DTOs using DTO-first, message-based ServiceStack conventions.
Controls OpenAPI / metadata exposure without compromising ServiceStack-first design.
Uses OrmLite via the implicit Db connection and understands transaction semantics and rollback behavior.
| name | servicestack-authorization |
| description | Applies role-, permission-, and ownership-based authorization using ServiceStack idioms. |
Authorization in ServiceStack is typically handled via attributes applied to Request DTOs or Service classes.
[RequiredRole("Admin")]: Requires the user to have the "Admin" role.[RequiresAnyRole("Admin", "Manager")]: Requires any of the specified roles.[RequiredPermission("CanEdit")]: Requires the user to have a specific permission.[RequiredRole("Admin")]
public class AdminOnlyRequest : IReturn<AdminResponse> { ... }
Since ServiceStack's philosophy is "it's just code," ownership checks are often implemented inside the service:
public object Any(UpdateOrder request)
{
var order = Db.SingleById<Order>(request.Id);
if (order.CreatedBy != GetSession().UserAuthId)
throw HttpError.Forbidden("You do not own this order.");
// ... logic
}
You can create custom attributes by inheriting from AuthenticateAttribute or implementing IHasRequestFilter.
ServiceModel project. This ensures visibility in the metadata and Swagger.if (User.IsInRole(...)) in services whenever possible; use the declarative attributes to keep the service code clean.