// Per-request bootstrap hook: wires stateless (API-key) authentication into
// the request pipelines so every request is resolved to an identity, or to
// none, before any module code runs.
protected override void RequestStartup(TinyIoCContainer requestContainer, IPipelines pipelines, NancyContext context)
{
    // The delegate below runs once per request. It reads the caller's key and
    // maps it to a user identity via the static UserDatabase helper.
    //
    // The key is read from the query string ("ApiKey"); any other part of the
    // NancyContext could be used instead.
    // NOTE(review): query-string credentials end up in server and proxy access
    // logs, browser history and Referer headers. Outside of a demo, a request
    // header over TLS is the usual carrier for an API key.
    // NOTE(review): presumably the value is null when the parameter is absent;
    // UserDatabase.GetUserFromApiKey is not shown here - confirm it returns no
    // identity for a null or unknown key.
    var statelessConfig = new StatelessAuthenticationConfiguration(
        ctx => UserDatabase.GetUserFromApiKey((string)ctx.Request.Query.ApiKey.Value));

    // AllowAccessToConsumingSite is defined elsewhere in this class.
    // NOTE(review): by its name it likely adds cross-origin access headers -
    // confirm the allowed origin is no wider than the consuming site needs.
    AllowAccessToConsumingSite(pipelines);

    StatelessAuthentication.Enable(pipelines, statelessConfig);
}
// By the time a route in this module runs, the API key should already have
// been read from the query string and the matching identity attached to the
// NancyContext by the stateless-authentication pipeline hook.
public SecureModule()
{
    // Called before any route is registered: every route in this module,
    // including secure/create_user, rejects callers without an identity.
    this.RequiresAuthentication();

    // GET secure: returns protected content plus the caller's user model.
    // Context.CurrentUser was set by StatelessAuthentication earlier in the
    // pipeline.
    Get("secure", parameters =>
    {
        var caller = new UserModel(Context.CurrentUser.Identity.Name);
        return Response.AsJson(new
        {
            SecureContent = "here's some secure content that you can only see if you provide a correct apiKey",
            User = caller
        });
    });

    // POST secure/create_user: creates a user from the posted form fields.
    // NOTE(review): only authentication is enforced here, so any caller with a
    // valid apiKey can create users; no role or claim check is visible.
    // NOTE(review): username and password go to UserDatabase.CreateUser
    // unvalidated (missing or empty fields included). CreateUser is not shown -
    // confirm it rejects bad input and stores a salted password hash rather
    // than the raw password.
    Post("secure/create_user", parameters =>
    {
        var form = Context.Request.Form;
        Tuple<string, string> created = UserDatabase.CreateUser(form["username"], form["password"]);

        // Only Item1 is echoed back; Item2 is not included in the response.
        return Response.AsJson(new { username = created.Item1 });
    });
}