Home/ Questions/Q 8982713
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-15T20:38:57+00:00

The ServiceStack docs are full of examples on how to use server side implementation

  • 0

The ServiceStack docs are full of examples on how to use server side implementation of authentication of a user. But how does one set the user credentials on the client side?

I use ServiceStack to consume a JSON REST service like this:

var restClient = new JsonServiceClient (baseUri);
var response = restClient.Get<MyResponse> ("/some/service");

How can I add any form of authentication to the request? The webservice I want to consume uses OAuth 1.0, but I am interested in adding custom authentication, too.

In my code, I have previously performed OAuth token exchange successfully, so I already own a valid access token and need to sign every REST request now using this access token and its token_secret.

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    Answering myself, as I’ve found a nice way to do it using the LocalHttpWebRequestFilter hook in the JsonServiceClient:

    For securing a web service with OAuth 1.0a, every http request has to send a special Authorization: header. Within this header field, a hash (signature) must be send that uses some characteristics of the request as input data, like the hostname, request url and others.

    Now it seems the LocalHttpWebRequestFilter is called by ServiceStack right before the http request is made, and exposes the underlying HttpWebRequest object, where one can add extra headers and access the required fields of the request.

    So my solution is now basically:

    var client = new JsonServiceClient (baseUri);

client.LocalHttpWebRequestFilter += (request) => {
    // compute signature using request and a previously obtained
    //  access token 
    string authorization_header = CalculateSignature (request, access_token);
  
    request.Headers.Add ("Authorization", authorization_header);
};
var response = client.Get<MySecuredResponse> ("/my/service");

    Note that I use the Devdefined.OAuth library to do all the heavy stuff in CalculateSignature(). The creation of request token, obtaining user authorization, and exchanging the request token for access token as required by OAuth is done outside of ServiceStack, before the above service calls.

    • 0