I'm exploring using ServiceStack as an alternative to WCF. One of my requirements is that the server and client must mutually authenticate using certificates. The client is a service so I cannot use any type of authentication that involves user input. Also the client needs to be able to run on Linux using mono so Windows authentication is out.
I've bound my server certificate to the port of my server using netsh.exe, validated the client is getting the server certificate and data is being encrypted using wireshark. However I can't for the life of me figure out how to configure the server to require a client certificate.
Some people suggested using request filters to validate the client certificate, but that seems very inefficient since every request would check the client certificate. Performance is a very high priority. Creating a custom IAuthProvider seems promising, but all the documentation and examples are oriented to authentication types that involve user interaction at some point and not certificates.
https://github.com/ServiceStack/ServiceStack/wiki/Authentication-and-authorization
Is it possible to use certificates to mutually authenticate the client and server with a self-hosted ServiceStack service?
Here is my test service for reference.
public class Host : AppHostHttpListenerBase
{
public Host()
: base("Self-hosted thing", typeof(PutValueService).Assembly)
{
//TODO - add custom IAuthProvider to validate the client certificate?
this.RequestFilters.Add(ValidateRequest);
//add protobuf plugin
//https://github.com/ServiceStack/ServiceStack/wiki/Protobuf-format
Plugins.Add(new ProtoBufFormat());
//register protobuf
base.ContentTypeFilters.Register(ContentType.ProtoBuf,
(reqCtx, res, stream) => ProtoBuf.Serializer.NonGeneric.Serialize(stream, res),
ProtoBuf.Serializer.NonGeneric.Deserialize);
}
public override void Configure(Funq.Container container)
{}
void ValidateRequest(IHttpRequest request, IHttpResponse response, object dto)
{
//TODO - get client certificate?
}
}
[DataContract]
[Route("/putvalue", "POST")]
//dto
public class PutValueMessage : IReturnVoid
{
[DataMember(Order=1)]
public string StreamID { get; set; }
[DataMember(Order=2)]
public byte[] Data { get; set; }
}
//service
public class PutValueService : Service
{
public void Any(PutValueMessage request)
{
//Comment out for performance testing
Console.WriteLine(DateTime.Now);
Console.WriteLine(request.StreamID);
Console.WriteLine(Encoding.UTF8.GetString(request.Data));
}
}