Search code examples
c#authenticationservicestackapp-configanonymous

How to enable or disable authentication using config parameter or variable?

I would like to implement a switch in configuration that allows to enable (windowsAuth=true) or disable Windows authentication (windowsAuth=false), so it will be used as anonymous.

How to achieve that in possible easy way or maybe there is something already ready to use?

I tried to set the following to disable. 

<system.web>
    <authentication mode = "None" />
    <authorization >
        <allow users="*" />
    </authorization>
</system.web>

However, the prompt for user/pw window still appears upon I click for Try Request in SwaggerUI.

Below the code 

private void SetupPlugins(Container container)
{
    container.Register<IDbConnectionFactory>(c =>
        new OrmLiteConnectionFactory(connString, SqlServerDialect.Provider));

    container.RegisterAs<OrmLiteCacheClient, ICacheClient>();

    container.Resolve<ICacheClient>().InitSchema();

    container.Register<IAuthRepository>(c =>
        new OrmLiteAuthRepository(c.Resolve<IDbConnectionFactory>()));

    container.Resolve<IAuthRepository>().InitSchema();

    Plugins.Add(new AuthFeature(() => new AuthUserSession(), 
    new IAuthProvider[] {
            new AdGroupAuthProvider(container.Resolve<IActiveDirectoryAuthHelper>(),
            GlobalConfiguration.Instance.AllowedActiveDirectoryGroup)
        }
    ));
}

internal class AdGroupAuthProvider : BasicAuthProvider
{
    private readonly IActiveDirectoryAuthHelper _adLoggingHelper;
    private readonly string _loggedUserAdGroup;

    public AdGroupAuthProvider(IActiveDirectoryAuthHelper loggingHelper, string loggedUserAdGroup)
    {
        _adLoggingHelper = loggingHelper;
        _loggedUserAdGroup = loggedUserAdGroup;
    }
    public override bool Authenticate(IServiceBase loggingServiceBase, string userName, string password)
    {
        return _adLoggingHelper.HasUserAssignedGroup(userName, password, _loggedUserAdGroup);
    }
}

[Authenticate(ApplyTo.Get)]
[Route("/someRoute", "GET")]
public class someRequest { ...}
Solution

  • Finally, I found the solution to quickly enable/disable authentication. We can resolve it by adding Authenticate attributes dynamically. This can also be easily change to use different auth provider.

    So, we can easily determine by this AuthenticateAttribute if Request A, B or C must have enabled authentication or not.

    private void SetupPlugins(Container container, ILog log)
{ ...
    bool activeDirectoryAuthentication = ToBoolean(GlobalConfiguration.Instance.ActiveDirectoryAuthentication);
    ApplyTo applyTo = ApplyTo.Get;
    if (!activeDirectoryAuthentication) applyTo = ApplyTo.None;

    typeof(RequestA).AddAttributes(new AuthenticateAttribute(applyTo));
    typeof(RequestB).AddAttributes(new AuthenticateAttribute(applyTo));
    typeof(RequestC).AddAttributes(new AuthenticateAttribute(applyTo));
    ...
 }