/* * // not needed anymore, we do the type resolution ourselves now. * * private static readonly string[] _hideKnownAssemblies = new[] { * "ServiceStack", // exclude the service stack assembly * "ClrPlus", * "b03f5f7f11d50a3a", // Microsoft * "b77a5c561934e089", // Microsoft * "31bf3856ad364e35" // Microsoft * }; * * private static IEnumerable<Assembly> GetActiveAssemblies() { * return AppDomain.CurrentDomain.GetAssemblies().Where(each => !_hideKnownAssemblies.Any(x => each.FullName.IndexOf(x) > -1)); * } */ public override void Configure(Container container) { _configured = true; // Feature disableFeatures = Feature.Jsv | Feature.Soap; SetConfig(new EndpointHostConfig { // EnableFeatures = Feature.All.Remove(disableFeatures), //all formats except of JSV and SOAP DebugMode = true, //Show StackTraces in service responses during development WriteErrorsToResponse = false, //Disable exception handling DefaultContentType = ContentType.Json, //Change default content type AllowJsonpRequests = true, //Enable JSONP requests ServiceName = "RestService", }); #if DEBUG LogManager.LogFactory = new DebugLogFactory(); #endif using (var ps = RunspacePool.Dynamic()) { foreach (var restCommand in _activeCommands) { PSObject command = ps.LookupCommand(restCommand.Name); if (command != null) { var cmdletInfo = (command.ImmediateBaseObject as CmdletInfo); if (cmdletInfo != null) { dynamic d = new AccessPrivateWrapper((ServiceController as ServiceController)); // for each type we're adding, see if it's already been added already. if (!d.requestExecMap.ContainsKey(cmdletInfo.ImplementingType)) { (ServiceController as ServiceController).RegisterGService(GetTypeFactory(cmdletInfo.ImplementingType), cmdletInfo.ImplementingType); (ServiceController as ServiceController).RegisterNService(GetTypeFactory(cmdletInfo.ImplementingType), cmdletInfo.ImplementingType); } ReverseLookup.AddOrSet(cmdletInfo.ImplementingType, restCommand); Routes.Add(cmdletInfo.ImplementingType, "/" + restCommand.PublishAs + "/", "GET"); } else { throw new ClrPlusException("command isn't cmdletinfo: {0}".format(command.GetType())); } } } } Plugins.Add(new AuthFeature(() => new AuthUserSession(), new IAuthProvider[] { new CustomBasicAuthProvider(), // new CustomCredentialsAuthProvider(), } )); // stick a request filter in to validate that the user has the right to actually // call this method. RequestFilters.Add((request, response, requestDto) => { var restCommand = ReverseLookup[requestDto.GetType()]; // is this one of the restCommands? // and does it has roles defined? if (restCommand != null && !restCommand.Roles.IsNullOrEmpty()) { // ensure we're authenticated if the user passed the right stuff in the request try { AuthenticateAttribute.AuthenticateIfBasicAuth(request, response); } catch (Exception e) { Console.WriteLine(e.Message); response.StatusCode = 401; response.AddHeader("WWW-Authenticate", "Basic realm=\"rest-service\""); response.StatusDescription = "Unauthorized"; response.EndServiceStackRequest(false); return; } // get the session object. var session = request.GetSession(false); // check if we got our authentication. if (!session.IsAuthenticated) { response.StatusCode = 401; response.AddHeader("WWW-Authenticate", "Basic realm=\"rest-service\""); response.StatusDescription = "Unauthorized"; response.EndServiceStackRequest(false); return; } // validate the user has the role. if (!restCommand.Roles.Any(session.HasRole)) { response.StatusCode = 403; response.StatusDescription = "Forbidden"; response.EndServiceStackRequest(false); } var req = (requestDto as IHasSession); if (req != null) { req.Session = session; } } }); }