How to disable ServiceStack sessions while keeping authentication features to implement per-request authentication

Question

I'm trying to force per request authentication, but by adding the AuthFeature the SessionFeature gets added automatically, which appears to cache the authentication result (I'm not getting multiple calls to IUserAuthRepository.TryAuthenticate across requests coming from the same client).

I've tried commenting out the SessionFeature being added in the AuthFeature but it doesn't seem to have an effect, a session is still created? Also, in the AuthFeature constructor I pass in null for the session factory, and still a session is created. I would expect this to either not create a session, or throw an exception? Anyway, I will continue to explore this area, but to make progress on this project I just need to know how to do per-request authentication with the built-in authentication providers?

Answer 1

In our project we go to the simple way.

Create some thing in bellow.

Base Auth class:

 public class TagAuth
    {
        /// <remarks/>
        public string agent { get; set; }

        /// <remarks/>
        public string sign { get; set; }

        /// <remarks/>
        public string ts { get; set; }

        /// <remarks/>
        public int seed { get; set; }
    }

Base class for all request:

 public class BaseRequest
    {
        /// <remarks/>
        public TagAuth auth { get; set; }
    }

Use BaseRequest class for all request in model:

public class Cancel : BaseRequest
    {

        public long bid { get; set; }

    }

Implement ServiceInterface:

public class CancelService : ServiceBase {

protected override object Run(Cancel request)
{
    SecurityManager.CheckAuthorization(request.auth); 
    return CancelRouter.Route(request);
}

}

But native support per-request auth is intresting for us too.