This is just a collection of notes around using MVC with ServiceStack for authentication and authorization.

Authentication in MVC

Authenticate / Require Role / Require Permission

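// GET: /Admin/Doctors/List
[ExecuteServiceStackFilters]      // run ServiceStack's filter attributes for this MVC action
[Authenticate]                    // require an authenticated session
[RequiredRole(RoleNames.Admin)]   // role given by constant...
[RequiredRole("Admin")]           // ...or by string literal
[RequiredPermission]
public ActionResult List() {
    return View();
}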

How can I override the login URL in ServiceStack.MVC authentication?

Sample Code:

public abstract class ControllerBase : ServiceStackController<CustomAuthSession> {
    public override string LoginRedirectUrl {
        get { return "/account/login?redirectTo={0}"; }
    }
}

More details in the answer on Stack Overflow.

More info on authentication and authorization is in the ServiceStack documentation.

Authentication using Credentials Auth

Sample of Successful Registration

URI

http://localhost:51737/api/register

Headers

Content-Type: application/json
Encoding: utf-8
Method: POST

Payload:

{"UserName":"philhack","FirstName":"Phil","LastName":"Hack","DisplayName":"Phil Hack","Email":"phil@philhack.com","Password":"somepassword","AutoLogin":false,"Continue":""}

Sample Successful Response

Status: 200 OK
{
    "UserId": "1",
    "ReferrerUrl": "",
    "ResponseStatus": {}
}

Sample Failure Response When User Already Exists

Status Code: 400

{
    "ResponseStatus": {
        "ErrorCode": "ValidationException",
        "Message": "Validation failed: \r\n -- UserName already exists\r\n -- Email already exists",
        "Errors": [{
            "ErrorCode": "AlreadyExists",
            "FieldName": "UserName",
            "Message": "UserName already exists"
        }, {
            "ErrorCode": "AlreadyExists",
            "FieldName": "Email",
            "Message": "Email already exists"
        }]
    }
}

Sample of successful authentication

How to authenticate using the ServiceStack Credentials auth provider

Request Uri: http://localhost:51737/api/auth/credentials
Accept Content-Type: application/json
Request Method: POST

Request Parameters:

UserName: philhack
Password: password
RememberMe: false

Content Headers

Content-type: application/x-www-form-urlencoded
Encoding: utf-8

Success Response:

StatusCode: 200
Response Body:
{
    "UserId": "1",
    "SessionId": "Pbu14a9gyJ8YvvMFPyTi",
    "UserName": "philhack",
    "ResponseStatus": {}
}

Invalid Credentials response

Status Code: 401
Response Body:
{
    "ResponseStatus": {
        "ErrorCode": "Invalid UserName or Password",
        "Message": "Invalid UserName or Password",
        "Errors": []
    }
}
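
A client-side handler for the credentials exchange above, as an added example that is not code from the original notes or from ServiceStack. AuthResult, AuthClient, Parse and LoginAsync are hypothetical names; it assumes .NET with System.Text.Json and C# 9 or later, and that the server answers with JSON bodies in the shapes shown above.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Net.Http;
using System.Text.Json;
using System.Threading.Tasks;

// Added example: hypothetical client helper, not part of ServiceStack.
public record AuthResult(bool Ok, string SessionId, string Error, IReadOnlyList<string> FieldErrors);

public static class AuthClient {
    // Maps a status code and a JSON body in the shapes shown above to a result.
    public static AuthResult Parse(int status, string body) {
        using var doc = JsonDocument.Parse(body);
        var root = doc.RootElement;
        if (status == 200)   // /api/register returns no SessionId, so it stays null there
            return new AuthResult(true, root.TryGetProperty("SessionId", out var sid) ? sid.GetString() : null, null, Array.Empty<string>());
        var rs = root.GetProperty("ResponseStatus");
        var fields = rs.TryGetProperty("Errors", out var errs)
            ? errs.EnumerateArray()
                  .Select(e => e.GetProperty("FieldName").GetString() + ": " + e.GetProperty("ErrorCode").GetString()).ToList()
            : new List<string>();
        return new AuthResult(false, null, rs.GetProperty("ErrorCode").GetString(), fields);
    }

    // POSTs form-encoded credentials to /api/auth/credentials, as in the request above.
    public static async Task<AuthResult> LoginAsync(HttpClient http, string baseUrl, string user, string password) {
        var form = new FormUrlEncodedContent(new Dictionary<string, string> {
            ["UserName"] = user, ["Password"] = password, ["RememberMe"] = "false" });
        var req = new HttpRequestMessage(HttpMethod.Post, baseUrl + "/api/auth/credentials") { Content = form };
        req.Headers.Accept.ParseAdd("application/json");
        using var resp = await http.SendAsync(req);
        return Parse((int)resp.StatusCode, await resp.Content.ReadAsStringAsync());
    }
}

public static class Program {
    public static void Main() {
        // Bodies copied from the sample success and invalid-credentials responses above.
        var ok = AuthClient.Parse(200, "{\"UserId\":\"1\",\"SessionId\":\"Pbu14a9gyJ8YvvMFPyTi\",\"UserName\":\"philhack\",\"ResponseStatus\":{}}");
        var bad = AuthClient.Parse(401, "{\"ResponseStatus\":{\"ErrorCode\":\"Invalid UserName or Password\",\"Message\":\"Invalid UserName or Password\",\"Errors\":[]}}");
        // The SessionId identifies the authenticated session, so report only whether it is present.
        Console.WriteLine($"ok={ok.Ok} hasSession={ok.SessionId != null}");
        Console.WriteLine($"ok={bad.Ok} error={bad.Error} fieldErrors={bad.FieldErrors.Count}");
    }
}
```

The same Parse call handles the 400 registration failure above, returning one "FieldName: ErrorCode" entry per item in Errors.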