I state that I use ServiceStack to authenticate my services. My problem is the following I am developing two authentication methods via credentials and via API key. The implementation is correct but I would like some services to be authenticated through Credentials while other services through API key. Reading from documentation it seemed to me that I understood that it was enough to insert in the [Authenticate] attribute the provider parameter equal to the property Name of the reference Auth class (Credentials or API), getting [Authenticated ("apikey")] for example. Unfortunately, implementing the example above, if I authenticate with credentials, I can call the service while I would only like this service to be called via API key. Do you have any solutions? thanks a lot
The [Authenticate(provider)] will check if the User is considered to be authenticated according to that Auth Provider where it calls the AuthProviders IsAuthorized() to verify if the session is authenticated.
If you want to mandate that a Request was authenticated using an API Key you can check for it in your Service implementation, e.g:
if (Request.GetSession().AuthProvider != ApiKeyAuthProvider.Name)
throw HttpError.Forbidden("Must authenticate with API Key");