See the Authentication and Authorization docs to learn about Authentication in ServiceStack which is encompassed by the high-level Overview:
ServiceStack uses a standard HTTP Session implementation which uses an Auth Repository to persist users and a Caching Provider to store Authenticated User Sessions:
Once Authentication is established Session Cookies are used to reference a Users typed Authenticated User Session:
ServiceStack also supports Auth Providers that "Authenticate per request" where both Authentication and Validation are performed within the same request:
Auth Providers
ServiceStack's built-in Auth Providers fall into 3 main categories:
Credentials Auth Providers
If using ServiceStack to manage your Apps entire Authentication and persistence of Users you would use one of the available Auth Repositories and authenticate against one of the following Auth Providers:
| Provider | Class Name | Route | Description |
|---|---|---|---|
| Credentials | CredentialsAuthProvider | /auth/credentials | Standard Authentication using Username/Password |
| Basic Auth | BasicAuthProvider | HTTP Basic Auth | Username/Password sent via HTTP Basic Auth |
| Digest Auth | DigestAuthProvider | HTTP Digest Auth | Username/Password hash via HTTP Digest Auth |
OAuth Providers
The following OAuth Providers are built into ServiceStack and can be used in both ASP.NET Core and .NET Framework Apps:
| Provider | Class Name | Route | Create OAuth App Link |
|---|---|---|---|
FacebookAuthProvider | /auth/facebook | developers.facebook.com/apps | |
TwitterAuthProvider | /auth/twitter | dev.twitter.com/apps | |
GoogleAuthProvider | /auth/google | console.developers.google.com | |
| GitHub | GithubAuthProvider | /auth/github | github.com/settings/applications/new |
| Microsoft | MicrosoftGraphAuthProvider | /auth/microsoftgraph | apps.dev.microsoft.com |
LinkedInAuthProvider | /auth/linkedin | www.linkedin.com/secure/developer | |
| Yammer | YammerAuthProvider | /auth/yammer | www.yammer.com/client_applications |
| Yandex | YandexAuthProvider | /auth/yandex | oauth.yandex.ru/client/new |
| VK | VkAuthProvider | /auth/vkcom | vk.com/editapp?act=create |
| Odnoklassniki | OdnoklassnikiAuthProvider | /auth/odnoklassniki | www.odnoklassniki.ru/devaccess |
More information about how OAuth providers works, see the video tutorial below.
IAuthWithRequest Auth Providers
The following Auth Providers all implement IAuthWithRequest and "Authenticate per-request":
| Provider | Class Name | Auth Method | Description |
|---|---|---|---|
| JWT | JwtAuthProvider | Bearer Token | Stateless Auth Provider using JSON Web Tokens |
| API Keys | ApiKeyAuthProvider | Bearer Token | Allow 3rd Parties access to authenticate without a password |
| Basic Auth | BasicAuthProvider | Basic Auth | Authentication using HTTP Basic Auth |
| Digest Auth | DigestAuthProvider | Digest Auth | Authentication using HTTP Digest Auth |
Other special Auth Providers that Authenticate per-request:
- Windows Auth in
AspNetWindowsAuthProvider- Authentication using Windows Auth built into ASP.NET. - Claims Auth in
NetCoreIdentityAuthProvider- Pass through Auth Provider that delegates to ASP.NET Core Identity Auth or Identity Server.
Additional documentation for specific Auth Providers:
ASP.NET Core Project Templates with integrated Auth
- Using ServiceStack Auth in MVC - using the mvcauth project template
- Using ASP.NET Identity Auth - using the mvcidentity project template
- Using IdentityServer4 Auth - using the mvcidentityserver project template
World Validation
See the annotated World Validation Docs for a detailed walks through and showcases the implementation of how the most popular Server HTML rendered approaches and Client UI rendered technologies use the same Authentication and Registration Services.
Live Demos
To illustrate Authentication integration with ServiceStack, see the authentication-enabled Live Demos below:
.NET Core
- New TechStacks
- GitHub, Twitter and JWT Auth
- SimpleAuth.Mvc
- Twitter, Facebook, GitHub, VK, Yandex and Credentials Auth
- Chat
- Twitter, Facebook and GitHub Auth
Mobile
- Android Java Chat
- Facebook, Twitter and Google Auth
- Android Xamarin Chat
- Twitter Auth
.NET Framework
- HttpBenchmarks Application
- Step-by-Step Authentication Guide
- Twitter, Facebook, Google, LinkedIn and Credentials Auth
- Angular TechStacks
- Twitter, GitHub and JWT Auth
- Gistlyn
- GitHub and JWT Auth
- AWS Auth
- Twitter, Facebook, GitHub, Google, Yahoo, LinkedIn, and Credentials Auth
- MVC and WebForms Example
- Twitter, Facebook, GitHub, Google, Yahoo, LinkedIn, VK, Credentials and Windows Auth
- Chat
- Twitter, Facebook and GitHub Auth
- React Chat
- Twitter, Facebook and GitHub Auth
- SocialBootstrap Api
- Twitter, Facebook, Yahoo and Credentials Auth
Sessions
See the Session docs for more info about customizing Sessions and handling different Session and Auth events.
Restricting Services
See the Restricting Services docs for learning how to control the Visibility and Access restrictions on any service using the [Restrict] attribute.
Community Resources
- Building a ServiceStack OAuth2 resource server using DotNetOpenAuth by @dylanbeattie
- Declarative authorization in REST services in SharePoint with F# by @sergey_tihon
- Authenticate ServiceStack services against an Umbraco membership provider by Gavin Faux
- Using OAuth with ArcGIS Online and ServiceStack by @davetimmins
- LinkedIn Provider for ServiceStack Authentication by @binu_thayamkery
- A Step by Step guide to create a Custom IAuthProvider by @rngoodness
- Simple API Key Authentication With ServiceStack by @rossipedia
- Authenticating ServiceStack REST API using HMAC by @jokecamp
- ServiceStack Credentials Authentication and EasyHttp: Part 1, Part 2, Part 3 by @chrissie1