I have a ServiceStack project with an API on api.mydomain.com. The admin project in the same solution is hosted on admin.mydomain.com. Login / Logout is already handled by the admin application, but I want to make sure the user is authenticated (and sometimes check permissions) in my api calls. I use authentication through projects, so the auth cookie is available for my api project.
Here is my web.config authentication tag in the api project:

    <authentication mode="Forms">
      <forms protection="All" loginUrl="home/denied" slidingExpiration="true" timeout="60" defaultUrl="home/denied" path="/" domain="mydomain.com" name=".myAuth"></forms>
    </authentication>

Based on this authentication and authorization message, I added the [Authenticate] attribute to the service method, expecting it to pass / fail based on the value of IsAuthenticated. However, it is redirected to "home/denied" each time, regardless of whether an auth cookie is present. (I confirmed this by subclassing AuthenticateAttribute and examining OriginalRequest: a cookie set when logging in using the admin application is present, and req.OriginalRequest.IsAuthenticated is true.)
Why is my request redirected and how do I correctly use the existing authorization credentials set in the admin application?
: , . , IPrincipal .
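
    using ServiceStack.ServiceHost;
    using ServiceStack.ServiceInterface;
    using ServiceStack.ServiceInterface.Auth;

    // Request filter that relies on the ASP.NET forms-authentication principal
    // (set from the shared auth cookie) rather than on a ServiceStack auth session.
    public class AuthenticateAspNetAttribute : RequestFilterAttribute
    {
        public override void Execute(IHttpRequest req, IHttpResponse res, object requestDto)
        {
            SessionFeature.AddSessionIdToRequestFilter(req, res, null);
            using (var cache = req.GetCacheClient())
            {
                // The ServiceStack session is only needed to call HandleFailedAuth below.
                var sessionId = req.GetSessionId();
                var session = sessionId != null ? cache.GetSession(sessionId) : null;
                var originalRequest = (System.Web.HttpRequest) req.OriginalRequest;
                var user = originalRequest.RequestContext.HttpContext.User;
                // Fail closed: a missing principal is treated the same as an unauthenticated one.
                if (user == null || !user.Identity.IsAuthenticated)
                    AuthProvider.HandleFailedAuth(new BasicAuthProvider(), session, req, res);
            }
        }
    }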