I suggest you ...

Allow customization of authentication route verbs

It is currently possible to override the default authentication routes, but only the path can be set. It would be useful to be able to override the allowed verbs. I'd like to be able to prevent GET /auth/credentials, by limiting the endpoint to POSTs only. I've not been able to find any other ways of doing this.

3 votes
Sign in
Sign in with: facebook google
Signed in as (Sign out)
You have left! (?) (thinking…)
George Hemmings shared this idea  ·   ·  Flag idea as inappropriate…  ·  Admin →


Sign in
Sign in with: facebook google
Signed in as (Sign out)
  • AdminDemis J Bellot (Developer, ServiceStack) commented  ·   ·  Flag as inappropriate

    Apologies thought I left this as a public comment, but it looks like it was just saved as a private note, here's the existing code:

    The AuthenticateService has a ValidateFn you can use to apply Custom Logic, e.g:

    AuthenticateService.ValidateFn = (service, verb, requestDto) => {
    if (verb != HttpMethods.Post)
    throw HttpError.Forbidden("Only POST methods allowed");

    Otherwise you can just global request filter to short-circuit the response for `Authenticate` requests, e.g:

    GlobalRequestFilters.Add((req, res, requestDto) => {
    if (requestDto is Authenticate && req.Verb != HttpMethods.Post) {
    res.StatusCode = (int)HttpStatusCode.Forbidden;
    res.StatusDescription = ""Only POST methods allowed";

  • George Hemmings commented  ·   ·  Flag as inappropriate

    Are you able to point me in the right direction please? I've tried overriding GetRouteAttributes, but the route isn't configured at the point.

Feedback and Knowledge Base