Turn off GET Access to ServiceStack Custom Credentials Provider


I know I ran across a post at some point, but I can't seem to find anything. It seems that by default, ServiceStack allows access to /auth via GET or POST. GET is not something we want in production.

I need to turn off GET access to /auth. Any ideas?

mythz On BEST ANSWER

You can use AuthenticateService's custom ValidateFn to add your own custom validation, e.g.:

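AuthenticateService.ValidateFn = (authService, verb, requestDto) => {
    // Reject any attempt to authenticate over GET
    if (verb == HttpMethods.Get)
        throw new NotSupportedException("GET's not allowed");
    // ValidateFn returns an object: null means validation passed
    return null;
};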

Otherwise you can add your own Restricting Services Attributes on services you don't own by using the fluent API for dynamically adding attributes, e.g:

typeof(Authenticate)
    .AddAttributes(new RestrictAttribute(RequestAttributes.HttpPost));
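
A log audit to run alongside either fix, added here as an example and not part of the answer above: credentials sent to /auth over GET travel in the query string and so land in web server access logs, including for requests the server rejected. The script assumes Common Log Format, uses constructed sample lines, covers /auth, /auth/{provider} and the /authenticate alias, and its function and field names are hypothetical.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines (Common Log Format), not from the post.
SAMPLE_LOG = """\
203.0.113.7 - - [12/Mar/2024:10:01:02 +0000] "GET /auth/credentials?UserName=alice&Password=hunter2 HTTP/1.1" 200 312
203.0.113.7 - - [12/Mar/2024:10:01:09 +0000] "POST /auth/credentials HTTP/1.1" 200 312
198.51.100.4 - - [12/Mar/2024:10:02:40 +0000] "GET /auth?username=bob&password=s3cret&format=json HTTP/1.1" 401 98
198.51.100.4 - - [12/Mar/2024:10:03:11 +0000] "GET /auth/logout HTTP/1.1" 200 20
198.51.100.9 - - [12/Mar/2024:10:04:00 +0000] "GET /authors?page=2 HTTP/1.1" 200 4096
203.0.113.7 - - [12/Mar/2024:10:05:30 +0000] "GET /auth/credentials?UserName=alice&Password=hunter2 HTTP/1.1" 405 0
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "([A-Z]+) (\S+) [^"]*" (\d{3})')
# /auth, /auth/{provider} and the /authenticate alias; must not match /authors.
AUTH_PATH_RE = re.compile(r"^/auth(enticate)?(/[^/]+)?/?$", re.IGNORECASE)

def find_get_auth(log_text):
    """Return one finding per GET request to an auth route (hypothetical helper)."""
    findings = []
    for lineno, line in enumerate(log_text.splitlines(), 1):
        m = LINE_RE.match(line)
        if not m:
            continue  # not a request line in the assumed format
        client, method, target, status = m.groups()
        url = urlsplit(target)
        if method != "GET" or not AUTH_PATH_RE.match(url.path):
            continue
        # Compare parameter names case-insensitively; never keep the values.
        names = {k.lower() for k in parse_qs(url.query, keep_blank_values=True)}
        findings.append({
            "line": lineno,
            "client": client,
            "path": url.path,
            "status": int(status),
            "password_in_url": "password" in names,
        })
    return findings

def clients_to_rotate(findings):
    """Clients whose password reached the log, even if the request was rejected."""
    return sorted({f["client"] for f in findings if f["password_in_url"]})

if __name__ == "__main__":
    hits = find_get_auth(SAMPLE_LOG)
    for f in hits:
        print(f)
    print("rotate credentials sent by:", clients_to_rotate(hits))
```

Findings with `password_in_url` set mean the password is already stored in the log whatever the response status was, so those credentials should be rotated and the log entries scrubbed.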