Skip to content

Julian Rodriguez

← Customer Feedback for ServiceStack

My feedback

3 results found

  1. Abstraction for Cassandra and other common NoSQL option

    10 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback
    Signed in as (Sign out)
    Close
    Close
    You have left! (?) (thinking…)
    0 comments  ·  Feature Requests  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback
    Signed in as (Sign out)
    Close
    Close
    Julian Rodriguez supported this idea  · 

  2. Port AspNetWindowsAuthentication To .Net Core

    6 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback
    Signed in as (Sign out)
    Close
    Close
    You have left! (?) (thinking…)
    0 comments  ·  Feature Requests  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback
    Signed in as (Sign out)
    Close
    Close
    Julian Rodriguez shared this idea  · 

  3. Built-in Active Directory Authentication suport.

    163 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback
    Signed in as (Sign out)
    Close
    Close
    You have left! (?) (thinking…)
    8 comments  ·  Feature Requests  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback
    Signed in as (Sign out)
    Close
    Close
    An error occurred while saving the comment
    Julian Rodriguez commented  · 

    Hi Demis, I'm a bit late to the party, but I thought I'd post some feedback here.

    - I primarily use this to leverage integrated(Kerberos/Negotiate) authentication from Windows. One early thing I needed do to was map a user's AD groups to ServiceStack Roles. Initially, I extended the LoadUserAuthInfo function to do an AD lookup to groups, then dump the list of groups to the user's AuthUserSession.Roles. This, while a common way people do AD authorization outside of Windows, is a bit expensive because of the LDAP lookup for every auth request. The original IIS request does contain the Kerberos ticket (with the AD groups already burned into the ticket), but I couldn't get the request without subclassing AspNetWindowsAuthProvider:

    public class CustomWindowsAuthProvider : AspNetWindowsAuthProvider
    {
    public CustomWindowsAuthProvider(IAppHost appHost) : base(appHost)
    {

    }

    public override IHttpResult OnAuthenticated(IServiceBase authService, IAuthSession session, IAuthTokens tokens, Dictionary<string, string> authInfo)
    {
    var request = authService.Request.OriginalRequest as System.Web.HttpRequestWrapper;

    using (WindowsIdentity userId = request?.LogonUserIdentity)
    {
    List<string> roles = new List<string>();
    if (userId?.Groups != null)
    foreach (var group in userId.Groups)
    {
    // Remove the domain name from the name of the group, if it has it, and you don't need it.
    var groupName = new SecurityIdentifier(group.Value).Translate(typeof(NTAccount)).ToString();
    if (groupName.Contains("\\"))
    groupName = groupName.Split('\\')[1];
    roles.Add(groupName);
    }
    session.Roles = roles;
    }
    return base.OnAuthenticated(authService, session, tokens, authInfo);
    }

    }

    It would be nice if something similar to the above was burned into the base AspNetAuthProvider. (I'm not sure if the above works for all scenarios).

    - Give the above scenario (IIS with integrated authentication), how does the .NET SSE client authenticate? I didn't see a Credentials property for the SSE client.

Feedback and Knowledge Base

(thinking…)