Home/ Questions/Q 8604083
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-12T02:28:55+00:00

I am looking at the Rockstars example and ServiceStack.Razor. How do I go about

  • 0

I am looking at the Rockstars example and ServiceStack.Razor.

How do I go about fitting authentication into, say, secure.cshtml page. So I can redirect user to Login.cshtml if required.

I only understand from SocialBootstrapApi example if I mix MVC hybird, I can put [authenticate()] at ServiceStackController to achieve that.

But what if I just want a pure SS project without .net MVC?

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    The Authenticate attribute is just a plain ServiceStack Request Filter Attribute, i.e. it works in both MVC and ServiceStack.

    Applying this filter will return a 401 UnAuthorized response for all non-HTML requests. e.g. If you called this with Ajax, you could detect this error response and do the redirect on the client.

    From v3.9.23+ of ServiceStack the [Authenticate] attribute will automatically redirect all Authentication errors to ~/login url by default.

    You can override this url when you register the AuthFeature, e.g:

    Plugins.Add(new AuthFeature(...) { HtmlRedirect = "/path/to/my/login" });

    Which will apply globally to all [Authenticate] attributes or you can override this on an adhoc basis with:

    [Authenticate(HtmlRedirect="/path/to/my/login")]

    Note: Attributes are inheritable so you can add this once to a SecuredService class and all subclasses will inherit its behaviour.

    Redirecting manually

    To redirect an UnAuthorized HTML request manually you can do your own checking + redirection with:

    public object Secured(Request request) {
    if (!base.SessionAs<MyCustomSession>().IsAuthenticated)
        return new HttpResult(HttpStatusCode.Redirect, "Un Authorized") { 
           Headers = { {"Location", "/path/to/login" } } };
}

    There is also a DRY wrapper around the above redirect which you can use instead:

    public object Secured(Request request) {
    if (!base.SessionAs<MyCustomSession>().IsAuthenticated)
        return HttpResult.Redirect("/path/to/login");
}
    • 0