I suggest you ...

Allow customization of authentication route verbs

It is currently possible to override the default authentication routes, but only the path can be set. It would be useful to be able to override the allowed verbs. I'd like to be able to prevent GET /auth/credentials, by limiting the endpoint to POSTs only. I've not been able to find any other ways of doing this.

3 votes
Vote
Sign in
Check!
(thinking…)
Reset
or sign in with
  • facebook
  • google
    Password icon
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    George Hemmings shared this idea  ·   ·  Flag idea as inappropriate…  ·  Admin →

    3 comments

    Sign in
    Check!
    (thinking…)
    Reset
    or sign in with
    • facebook
    • google
      Password icon
      Signed in as (Sign out)
      Submitting...
      • AdminDemis J Bellot (Developer, ServiceStack) commented  ·   ·  Flag as inappropriate

        Apologies thought I left this as a public comment, but it looks like it was just saved as a private note, here's the existing code:

        The AuthenticateService has a ValidateFn you can use to apply Custom Logic, e.g:

        AuthenticateService.ValidateFn = (service, verb, requestDto) => {
        if (verb != HttpMethods.Post)
        throw HttpError.Forbidden("Only POST methods allowed");
        };

        Otherwise you can just global request filter to short-circuit the response for `Authenticate` requests, e.g:

        GlobalRequestFilters.Add((req, res, requestDto) => {
        if (requestDto is Authenticate && req.Verb != HttpMethods.Post) {
        res.StatusCode = (int)HttpStatusCode.Forbidden;
        res.StatusDescription = ""Only POST methods allowed";
        res.EndRequest();
        }
        });

      • George Hemmings commented  ·   ·  Flag as inappropriate

        Are you able to point me in the right direction please? I've tried overriding GetRouteAttributes, but the route isn't configured at the point.

      Feedback and Knowledge Base