protected override void RequestStartup(TinyIoCContainer requestContainer, IPipelines pipelines, NancyContext context)
{
// At request startup we modify the request pipelines to
// include stateless authentication
//
// Configuring stateless authentication is simple. Just use the
// NancyContext to get the apiKey. Then, use the apiKey to get
// your user's identity.
var configuration =
new StatelessAuthenticationConfiguration(nancyContext =>
{
//for now, we will pull the apiKey from the querystring,
//but you can pull it from any part of the NancyContext
var apiKey = (string)nancyContext.Request.Query.ApiKey.Value;
//get the user identity however you choose to (for now, using a static class/method)
return(UserDatabase.GetUserFromApiKey(apiKey));
});
AllowAccessToConsumingSite(pipelines);
StatelessAuthentication.Enable(pipelines, configuration);
}
//by this time, the api key should have already been pulled out of our querystring
//and, using the api key, an identity assigned to our NancyContext
public SecureModule()
{
this.RequiresAuthentication();
Get("secure", args =>
{
//Context.CurrentUser was set by StatelessAuthentication earlier in the pipeline
var identity = this.Context.CurrentUser;
//return the secure information in a json response
var userModel = new UserModel(identity.Identity.Name);
return(this.Response.AsJson(new
{
SecureContent = "here's some secure content that you can only see if you provide a correct apiKey",
User = userModel
}));
});
Post("secure/create_user", args =>
{
Tuple <string, string> user = UserDatabase.CreateUser(this.Context.Request.Form["username"], this.Context.Request.Form["password"]);
return(this.Response.AsJson(new { username = user.Item1 }));
});
}
