-
Notifications
You must be signed in to change notification settings - Fork 1.4k
Stateless authentication
This document provides an overview on how to enable stateless authentication in your Nancy application. Stateless authentication enables you to inspect each incoming request and, based on information about that request, decide if it should be treated as an authenticated request or not.
For instance you could inspect the request to make sure that a query string parameter was passed in (perhaps an apikey), that a certain header is available or that the request originated from a certain ip-address. The full request is at your disposal!
To enable stateless authentication, in your application, you need to complete the following steps
- Install the
Nancy.Authentication.Statelesspackage - Configure and enable Stateless Authentication
- Secure your modules
To enable Stateless Authentication, all you have to do it add a line like this to your bootstrapper:
StatelessAuthentication.Enable(pipelines, statelessAuthConfiguration);The statelessAuthConfiguration variable, that is passed into FormsAuthentication.Enable method, is an instance of the StatelessAuthenticationConfiguration type, which enables you to customize the behavior of the stateless authentication provid
When creating an instance of the StatelessAuthenticationConfiguration type, it expects a single parameter of type Func<NancyContext, IUserIdentity>. The function is what is used to inspect the request (or anything else in the context for that matter) and return null if the request should not be treated as authenticated, or the appropriate IUserIdentity if it should.
var configuration =
new StatelessAuthenticationConfiguration(ctx =>
{
if (!ctx.Request.Query.apikey.HasValue)
{
return null;
}
// This would where you authenticated the request. IUserApiMapper is
// not a Nancy type.
var userValidator =
container.Resolve<IUserApiMapper>();
return userValidator.GetUserFromAccessToken(ctx.Request.Query.apikey);
});[<< Part 20. The Super Simple View Engine](The Super Simple View Engine) - Documentation overview
- Introduction
- Exploring the Nancy module
- Routing
- Taking a look at the DynamicDictionary
- Async
- View Engines
- Using Models
- Managing static content
- Authentication
- Lifecycle of a Nancy Application
- Bootstrapper
- Adding a custom FavIcon
- Diagnostics
- Generating a custom error page
- Localization
- SSL Behind Proxy
- Testing your application
- The cryptography helpers
- Validation
- Hosting Nancy with ASP.NET
- Hosting Nancy with WCF
- Hosting Nancy with Azure
- Hosting Nancy with Suave.IO
- Hosting Nancy with OWIN
- Hosting Nancy with Umbraco
- Hosting Nancy with Nginx on Ubuntu
- Hosting Nancy with FastCgi
- Self Hosting Nancy
- Implementing a Host
- Accessing the client certificate when using SSL
- Running Nancy on your Raspberry Pi
- Running Nancy with ASP.NET Core 3.1