El Hippo

Reputation: 389

ACL-based API Permissions in Servicestack

Situation: I am coding a service application for my company and since fixed roles are not suitable in my case I want to establish ACL based access to my API services. The model and the database side are not my problem.
Question: How would I realize a Request Filter that runs after Authentication (JWT and Credentials) but before my services (Get, Post,...) which determines if the user is allowed to call that action (in this filter I would check my ACLs and return allowed or refused). I don't need a turnkey solution but suggestions are very welcome!
Details: Roles and users don't exist at implementation time. In my Frontend I want to create roles and users (like Windows or similar) and assign rights dynamically. Rights of roles and users could change. Even roles could be deleted and replaced by others.

Upvotes: 2

Views: 114

Answers (1)

mythz

Reputation: 143319

This sounds like you just want to validate permissions so I'd use the built-in [RequiredPermission] or [RequiresAnyPermission] attributes if it fits your use-case.

Otherwise my preferred approach would be to implement any ACLs using a declarative Request Filter Attribute, which is also how the built-in AuthenticateAttribute.cs is implemented, but with a negative Priority so they will be executed before any custom Filter Attributes, which by default have a Priority=0.

Upvotes: 1
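A sketch of the Request Filter Attribute approach described in the answer, added here as an example and not code from the answer or from ServiceStack itself. `IAclStore`, `RequiresAclAttribute`, the `-50` priority value and the `GetOrder` DTOs are hypothetical; the filter denies the request when the session is unauthenticated or the ACL store is not registered.

```csharp
using System.Net;
using ServiceStack;
using ServiceStack.Web;

// Hypothetical ACL lookup: back it with your own tables and register it in the IoC container.
public interface IAclStore
{
    bool IsAllowed(string userAuthId, string verb, string operationName);
}

public class RequiresAclAttribute : RequestFilterAttribute
{
    public RequiresAclAttribute()
    {
        // Negative so it runs before custom filters (default Priority = 0).
        // -50 is an assumed value, chosen to sort after [Authenticate].
        Priority = -50;
    }

    public override void Execute(IRequest req, IResponse res, object requestDto)
    {
        var session = req.GetSession();
        if (session == null || !session.IsAuthenticated)
        {
            Deny(res, HttpStatusCode.Unauthorized, "Not authenticated");
            return;
        }

        // ACLs are read per request, so roles and rights edited at runtime apply immediately.
        var acl = req.TryResolve<IAclStore>();

        // Fail closed: a missing store is treated the same as an explicit deny.
        if (acl == null || !acl.IsAllowed(session.UserAuthId, req.Verb, req.OperationName))
            Deny(res, HttpStatusCode.Forbidden, "Access denied by ACL");
    }

    private static void Deny(IResponse res, HttpStatusCode status, string reason)
    {
        res.StatusCode = (int)status;
        res.StatusDescription = reason; // static text only, no request data echoed back
        res.EndRequest();               // short-circuit: the service method is never invoked
    }
}

// Hypothetical DTOs and service showing where the attribute is applied.
public class GetOrder : IReturn<GetOrderResponse> { public int Id { get; set; } }
public class GetOrderResponse { }

[Authenticate]
[RequiresAcl]
public class OrderService : Service
{
    public object Get(GetOrder request) => new GetOrderResponse();
}
```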
