gimg1

Reputation: 1167

ServiceStack Custom authentication class for User & Admin

I was just looking for feedback on how to go about implementing this:

I have two types of users needing authentication in my system, Users & Admins. Now the tasks they will carry out and the data I store about them warrant that they each have a separate database table storing their info/authentication info.

I have implemented a working CredentialsAuthProvider called UserCredentialsProvider that authenticates users at /auth/credentials. The logic checks the User table in the database and authenticates. Now, to authenticate Admins, should I implement a second CredentialsAuthProvider called AdminCredentialsAuthProvider and register each on separate routes such as /user/auth/credentials and /admin/auth/credentials, or also implement the admin logic within the same TryAuthenticate of UserCredentialsProvider?

If either of the above is the solution, how would I go about registering separate routes or differentiating between admin/user when calling TryAuthenticate?

Any help would be great. Thank you.

Upvotes: 1

Views: 246

Answers (1)

kampsj

Reputation: 3149

I would stick with only one endpoint and one provider for authentication. This will greatly simplify authentication.

Under the hood, your auth provider needs to check both the users and admins tables. Once you have that, I would translate all the data from both user and admin tables into one combined user resource. Admins should be denoted as users with the "Admin" role. That way you can still leverage the built-in Roles in ServiceStack.

In other words, I would sweep the complexity under some kind of data access layer so that your endpoints stay nice and clean.

Upvotes: 1
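A sketch of the single-provider approach from the answer above, added here as an example and not code from the question or the answer. It assumes ServiceStack's synchronous CredentialsAuthProvider.TryAuthenticate override (the one the question mentions) and no registered IAuthRepository, so that role checks read session.Roles; Account, IAccountStore, CombinedCredentialsProvider and AdminReport are hypothetical names.

```csharp
using System.Collections.Generic;
using ServiceStack;
using ServiceStack.Auth;

// Hypothetical data-access layer hiding the two tables (all names are assumptions).
public class Account { public string Id; public string PasswordHash; }
public interface IAccountStore
{
    Account FindUser(string userName);   // row from the User table, or null
    Account FindAdmin(string userName);  // row from the Admin table, or null
    bool VerifyPassword(string password, string storedHash); // should compare in constant time
}

public class CombinedCredentialsProvider : CredentialsAuthProvider
{
    private readonly IAccountStore store;
    public CombinedCredentialsProvider(IAccountStore store) { this.store = store; }

    public override bool TryAuthenticate(IServiceBase authService,
        string userName, string password)
    {
        var admin = store.FindAdmin(userName);
        var user = store.FindUser(userName);

        // The same name in both tables is ambiguous: fail closed instead of guessing a role.
        if (admin != null && user != null) return false;

        var account = admin ?? user;
        if (account == null || !store.VerifyPassword(password, account.PasswordHash))
            return false;

        // The role is decided by which table matched, never by anything in the request.
        var session = authService.GetSession();
        // Prefix the id so a User row and an Admin row with the same key cannot collide.
        session.UserAuthId = (admin != null ? "admin:" : "user:") + account.Id;
        session.UserAuthName = userName;
        session.Roles = new List<string>();
        if (admin != null) session.Roles.Add("Admin");
        return true;
    }
}

// Admin-only request DTO: the built-in attribute rejects sessions without the role.
[RequiredRole("Admin")]
public class AdminReport : IReturn<string> { }
```

The provider is registered once through AuthFeature, so both kinds of account sign in at the existing /auth/credentials route.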
