Skip to content

I suggest you ...

← Feature Requests

Allow customization of authentication route verbs

It is currently possible to override the default authentication routes, but only the path can be set. It would be useful to be able to override the allowed verbs. I'd like to be able to prevent GET /auth/credentials, by limiting the endpoint to POSTs only. I've not been able to find any other ways of doing this.

3 votes
Vote

We're glad you're here

Please sign in to leave feedback
Signed in as (Sign out)
Close
Close
You have left! (?) (thinking…)
George Hemmings shared this idea  ·   ·  Report…  ·  Admin →
How important is this to you?

We're glad you're here

Please sign in to leave feedback
Signed in as (Sign out)
Close
Close

We're glad you're here

Please sign in to leave feedback
Signed in as (Sign out)
Close
Close
Submitting...
An error occurred while saving the comment
  • AdminDemis J Bellot (Developer, ServiceStack) commented  ·   ·  Report

    Apologies thought I left this as a public comment, but it looks like it was just saved as a private note, here's the existing code:

    The AuthenticateService has a ValidateFn you can use to apply Custom Logic, e.g:

    AuthenticateService.ValidateFn = (service, verb, requestDto) => {
    if (verb != HttpMethods.Post)
    throw HttpError.Forbidden("Only POST methods allowed");
    };

    Otherwise you can just global request filter to short-circuit the response for `Authenticate` requests, e.g:

    GlobalRequestFilters.Add((req, res, requestDto) => {
    if (requestDto is Authenticate && req.Verb != HttpMethods.Post) {
    res.StatusCode = (int)HttpStatusCode.Forbidden;
    res.StatusDescription = ""Only POST methods allowed";
    res.EndRequest();
    }
    });

  • George Hemmings commented  ·   ·  Report

    Are you able to point me in the right direction please? I've tried overriding GetRouteAttributes, but the route isn't configured at the point.

Feature Requests

Categories

Feedback and Knowledge Base

(thinking…)