How can I implement ServiceStack.net rest call over HTTPS?

Asked 12/10, 2011 at 14:49 Answered 1/1, 2015 at 7:25

Solved c#asp.net asp.net-mvc appharbor servicestack

I would like to authenticate users of my servicestack.net rest services using basic auth over HTTPS.

Can anyone explain how the https portion of this would work or point me in the right direction? Is it the responsibility of the client to ensure the calls are made over https? Do I need to do anything involving SSL Certificates to enable this?

This service will most likely live on AppHarbor if that matters.

EDIT

Can anyone cite specific examples of how to accomplish this in service stack. I think that I would be having all of the services in my api require HTTPS. Would I be able to accomplish this using request filters?

Oceanic answered 12/10, 2011 at 14:49 Comment(1)

I didn't make the change but you might want to ask a follow up question or tag this one with appharbor to alert the appharbor community, they're quite helpful. – Lugger 14/10, 2011 at 5:56

You will need to have an SSL Certificate purchased and installed to handle https (you should be able to get one from your domain name provider, which you will then need to install on your hosting server). The service clients will generally be allowed to connect by any method they choose. It will be your responsibility to stop the request and generate an error message to the client if they attempt to connect by http, instead of allowing them access.

You can validate whether they are on http or https by checking the Request.Url.Scheme property in your REST Service API. Typically, a request for http on a service that requires https will return an HTTP 403 (forbidden) status code. If you have access to IIS, you can force HTTPS easily without doing any coding: http://www.sslshopper.com/iis7-redirect-http-to-https.html

Humiliating answered 12/10, 2011 at 15:0 Comment(2)

Thanks for the info. I think I am going to need a little more info on implementing this specifically in servicestack.net. I will not have access to these settings in IIS through appharbor as far as i know. – Oceanic 12/10, 2011 at 16:19

@stephen776- were u able to implement this on servicestack? Given that it is a few years ago, what has been your experience with SS and https? – Purgation 13/11, 2015 at 17:56

If you don't need on all services the following at the top of any service that needs the security does the job:

    if (!Request.IsSecureConnection)
    {
        throw new HttpError(HttpStatusCode.Forbidden,"403","HTTPS ONLY");
    }

However it's better to this as a filter attribute: https://github.com/ServiceStack/ServiceStack/wiki/Filter-attributes

If you want it globally, you could apply your attribute to a shared BaseService or better use a global filter: https://github.com/ServiceStack/ServiceStack/wiki/Request-and-response-filters

...Like this:

this.GlobalRequestFilters.Add((req, res, dto) =>
{
    if (!req.IsSecureConnection)
    {
        res.StatusCode = (int)HttpStatusCode.Forbidden;
        res.Close();
    }
});

If you want one that redirects to https rather than reject request then you could base it on this: http://weblogs.asp.net/dwahlin/requiring-ssl-for-asp-net-mvc-controllers

Jackstraws answered 1/1, 2015 at 7:25 Comment(0)

Recommended topics

Hot tags