RequestService

Members

Namespace: ASPSecurityKit.ServiceStack
Assembly: ASPSecurityKit.ServiceStack.dll

Summary

Implements IServiceStackRequestService for ServiceStack.

Constructors

#ctor(request,response,settings,securityUtility,errorResource,xssValidator)

Summary

Initializes a new instance of the RequestService class.

Parameters
Name Type Description
request ServiceStack.Web.IRequest The request.
response ServiceStack.Web.IResponse The response.
settings ASPSecurityKit.ServiceStack.IServiceStackSecuritySettings The security settings.
securityUtility ASPSecurityKit.ISecurityUtility The security utility.
errorResource ASPSecurityKit.IErrorMessageResourceProvider The error resource.
xssValidator ASPSecurityKit.Xss.IXssValidator The XSS validator.

Properties

Dto

Summary

Gets the request DTO representing the requested operation.

Value

The request DTO representing the requested operation.

Verb

Summary

Gets the HTTP verb of the request.

Value

The HTTP verb of the request.

Operation

Summary

Gets the name of the operation (action/endpoint) invoked.

Value

The name of the operation (action/endpoint) invoked.

IsSecureConnection

Summary

Gets a value indicating whether the connection is secure.

Value

true if the connection is secure; otherwise, false.

AbsoluteUri

Summary

Gets the Absolute URL for the request (including scheme, host, pathInfo etc.).

Value

The Absolute URL for the request (including scheme, host, pathInfo etc.).

RawUrl

Summary

Gets the relative URL sent in the request (such as /pathInfo?queryString).

Value

The relative URL sent in the request.

Headers

Summary

Gets the headers sent in the request.

Value

The headers sent in the request.

QueryString

Summary

Gets the queryString sent in the request as key/value pairs.

Value

The queryString sent in the request as key/value pairs.

Cookies

Summary

Gets the cookies sent in the request.

Value

The cookies sent in the request.

UserAgent

Summary

Gets the caller agent information from the request.

Value

The caller agent information from the request.

Methods

GetCallerIp()

Summary

Gets the Remote IP of the caller.

Returns

The Remote IP of the caller.

Parameters

This method has no parameters.

Remarks

Implementers should attempt to return the actual caller IP, also considering headers such as X-Forwarded-For and X-Real-IP.

GetRawBody()

Summary

Gets the body (raw) from the request.

Returns

The body (raw) from the request.

Parameters

This method has no parameters.

IsMarkedWith(feature,verb)

Summary

Determines whether the requested operation is marked with the specified feature.

Returns

true if the requested operation is marked with the specified feature; otherwise, false.

Parameters
Name Type Description
feature ASPSecurityKit.RequestFeature The feature to check.
verb System.String The HTTP verb (method). If null, the verb associated with the current request is used.

GetAttribute<TAttribute>(applyTo)

Summary

Gets the specified attribute from the request DTO.

Returns

The specified attribute from the request DTO if found; otherwise, null.

Parameters
Name Type Description
applyTo System.Nullable{ServiceStack.ApplyTo} The HTTP verb (method). If null, the verb associated with the current request is used.

Generic Types
Name Description
TAttribute

GetDisabledReason(verb)

Summary

Gets the reason why the action is disabled.

Returns

The reason why the action is disabled.

Parameters
Name Type Description
verb System.String The HTTP verb (method). If null, the verb associated with the current request is used.

GetEntityCode()

Summary

Gets the entity code for the requested operation. Used to specify the entityName argument when calling Authorize or Authorize. See platform specific implementations for more details.

Returns

The entity code for the requested operation.

Parameters

This method has no parameters.

Remarks

If AuthEntityAttribute is specified with a non-empty value, it just returns the value from PermissionCode. Otherwise, first, the DTOSuffix (if specified) is removed from Dto’s type name. Second, the name is further cleansed by calling EntityNameFromDTONameGetter.

GetPermissionCode()

Summary

Gets the permissionCode for the requested operation.

Returns

The permissionCode for the requested operation.

Parameters

This method has no parameters.

WriteToResponse(failureReason,failureDescription,errors)

Summary

Writes the security check failure details to the response. See remarks for more details.

Parameters
Name Type Description
failureReason ASPSecurityKit.OpResult The failure reason.
failureDescription System.String The failure description.
errors System.Collections.Generic.List{ASPSecurityKit.AuthError} The detailed/additional error information to aid in troubleshooting.

Remarks

Regarding the information to be written, the default implementations follow the guidelines mentioned for OpException. Briefly, the HTTP status code is first determined using OpResultToStatusCode; if it is 500, InternalServerError is written to the response rather than the provided failure parameters. However, if IsDevelopmentEnvironment is true, the failure parameters are written to the response regardless of the status code. On API platforms, the default implementations write errors in JSON format. On mix platforms, the default implementations determine whether the call is an API call; if it is, they write in JSON format; otherwise, they write in plain text format.

WriteToResponse(content,statusCode,contentType)

Summary

Writes the specified content to the response along with its type and HTTP status code.

Parameters
Name Type Description
content System.String The text to be written to the response.
statusCode System.Int32 The HTTP status code. Default is 200.
contentType System.String The content type. Default is ‘text/plain’.

Exceptions
Type Description
System.ArgumentNullException When either content or contentType is null/empty/whitespace.

WriteToResponse(model,statusCode)

Summary

Writes the specified model to the response serialized as JSON along with the specified HTTP status code.

Parameters
Name Type Description
model System.Object The model object to be serialized as JSON and written to the response.
statusCode System.Int32 The HTTP status code. Default is 200.

Exceptions
Type Description
System.ArgumentNullException When model is null.

Redirect(url)

Summary

Redirects to the specified URL.

Parameters
Name Type Description
url System.String The URL.

Summary

Adds the specified cookie to the response. If the cookie already exists, it’ll be overridden.

Parameters
Name Type Description
cookie System.Net.Cookie The cookie.

ExpireCookie(name)

Summary

Sets an expired cookie in the response by the specified name if it exists in the request.

Returns

true if a cookie by the specified name was found in the request and set as expired in the response; otherwise, false.

Parameters
Name Type Description
name System.String The cookie name.

GetContainer()

Summary

Gets the DI container for the current request.

Returns

The DI container for the current request.

Parameters

This method has no parameters.

ValidateForXss()

Summary

Performs XSS validation on the input data related to this request instance.

Parameters

This method has no parameters.

Exceptions
Type Description
ASPSecurityKit.Xss.XssDetectedException When XSS characters are found.

Remarks

The default implementations make use of Validate, passing it the input model, but don’t handle any exceptions, including XssDetectedException. Execute invokes this method and handles exceptions (if any) as per its standard approach.

GetPermissionCode(req,dto)

Summary

Gets the permission code for the specified request.

Returns

The permission code for the specified request.

Parameters
Name Type Description
req ServiceStack.Web.IRequest The request.
dto System.Object The request dto.

GetCallerIpAsync()

Summary

Gets the Remote IP of the caller.

Returns

The Remote IP of the caller.

Parameters

This method has no parameters.

Remarks

Implementers should attempt to return the actual caller IP, also considering headers such as X-Forwarded-For and X-Real-IP.

GetCallerIpAsync(cancellationToken)

Summary

Gets the Remote IP of the caller.

Returns

The Remote IP of the caller.

Parameters
Name Type Description
cancellationToken System.Threading.CancellationToken The cancellation token.

Remarks

Implementers should attempt to return the actual caller IP, also considering headers such as X-Forwarded-For and X-Real-IP.
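
The remark on GetCallerIp and its async overloads asks implementers to consider X-Forwarded-For and X-Real-IP. Both headers are set by whoever sends the request, so they should only be honoured when the direct peer is a proxy you operate. The following is an added example, not ASPSecurityKit's own code; CallerIpResolver, Resolve and the trusted-proxy set are hypothetical names, and the addresses are constructed samples.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Net;

// Added illustration; CallerIpResolver and its members are hypothetical names,
// not ASPSecurityKit APIs.
public static class CallerIpResolver
{
    // remoteIp: address of the direct TCP peer.
    // headers: request headers (a case-insensitive dictionary is expected).
    // trustedProxies: proxies you operate; only they may vouch for a client address.
    public static string Resolve(string remoteIp,
        IDictionary<string, string> headers, ISet<string> trustedProxies)
    {
        // A peer that is not one of our proxies can put anything in these headers.
        if (!trustedProxies.Contains(remoteIp))
            return remoteIp;

        if (headers.TryGetValue("X-Forwarded-For", out var xff) && !string.IsNullOrWhiteSpace(xff))
        {
            // Each proxy appends the peer it saw, so walk right to left and stop
            // at the first hop that is not one of our proxies.
            foreach (var hop in xff.Split(',').Select(h => h.Trim()).Reverse())
            {
                if (!IPAddress.TryParse(hop, out var ip))
                    return remoteIp; // malformed chain: fall back to the peer
                if (!trustedProxies.Contains(ip.ToString()))
                    return ip.ToString();
            }
        }

        if (headers.TryGetValue("X-Real-IP", out var real)
            && IPAddress.TryParse(real.Trim(), out var realIp))
            return realIp.ToString();

        return remoteIp;
    }

    public static void Main()
    {
        var proxies = new HashSet<string> { "10.0.0.5" };
        // Constructed sample: a client-supplied entry precedes the one the proxy appended.
        var headers = new Dictionary<string, string>(StringComparer.OrdinalIgnoreCase)
        {
            ["X-Forwarded-For"] = "1.2.3.4, 203.0.113.7"
        };
        Console.WriteLine(Resolve("10.0.0.5", headers, proxies));     // request arrived via the trusted proxy
        Console.WriteLine(Resolve("198.51.100.9", headers, proxies)); // direct peer, headers ignored
    }
}
```

Taking the leftmost X-Forwarded-For entry instead would let any caller choose the IP that ends up in audit logs, rate limits and IP-based rules.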

GetRawBodyAsync()

Summary

Gets the body (raw) from the request.

Returns

The body (raw) from the request.

Parameters

This method has no parameters.

GetRawBodyAsync(cancellationToken)

Summary

Gets the body (raw) from the request.

Returns

The body (raw) from the request.

Parameters
Name Type Description
cancellationToken System.Threading.CancellationToken The cancellation token.

IsMarkedWithAsync(feature,verb)

Summary

Determines whether the requested operation is marked with the specified feature.

Returns

true if the requested operation is marked with the specified feature; otherwise, false.

Parameters
Name Type Description
feature ASPSecurityKit.RequestFeature The feature to check.
verb System.String The HTTP verb (method). If null, the verb associated with the current request is used.

IsMarkedWithAsync(feature,cancellationToken,verb)

Summary

Determines whether the requested operation is marked with the specified feature.

Returns

true if the requested operation is marked with the specified feature; otherwise, false.

Parameters
Name Type Description
feature ASPSecurityKit.RequestFeature The feature to check.
cancellationToken System.Threading.CancellationToken The cancellation token.
verb System.String The HTTP verb (method). If null, the verb associated with the current request is used.

GetDisabledReasonAsync(verb)

Summary

Gets the reason why the action is disabled.

Returns

The reason why the action is disabled.

Parameters
Name Type Description
verb System.String The HTTP verb (method). If null, the verb associated with the current request is used.

GetDisabledReasonAsync(verb,cancellationToken)

Summary

Gets the reason why the action is disabled.

Returns

The reason why the action is disabled.

Parameters
Name Type Description
verb System.String The HTTP verb (method). If null, the verb associated with the current request is used.
cancellationToken System.Threading.CancellationToken The cancellation token.

GetEntityCodeAsync()

Summary

Gets the entity code for the requested operation. Used to specify the entityName argument when calling Authorize or Authorize. See platform specific implementations for more details.

Returns

The entity code for the requested operation.

Parameters

This method has no parameters.

Remarks

If AuthEntityAttribute is specified with a non-empty value, it just returns the value from PermissionCode. Otherwise, first, the DTOSuffix (if specified) is removed from Dto’s type name. Second, the name is further cleansed by calling EntityNameFromDTONameGetter.

GetEntityCodeAsync(cancellationToken)

Summary

Gets the entity code for the requested operation. Used to specify the entityName argument when calling Authorize or Authorize. See platform specific implementations for more details.

Returns

The entity code for the requested operation.

Parameters
Name Type Description
cancellationToken System.Threading.CancellationToken The cancellation token.

Remarks

If AuthEntityAttribute is specified with a non-empty value, it just returns the value from PermissionCode. Otherwise, first, the DTOSuffix (if specified) is removed from Dto’s type name. Second, the name is further cleansed by calling EntityNameFromDTONameGetter.

GetPermissionCodeAsync()

Summary

Gets the permissionCode for the requested operation.

Returns

The permissionCode for the requested operation.

Parameters

This method has no parameters.

GetPermissionCodeAsync(cancellationToken)

Summary

Gets the permissionCode for the requested operation.

Returns

The permissionCode for the requested operation.

Parameters
Name Type Description
cancellationToken System.Threading.CancellationToken The cancellation token.

WriteToResponseAsync(failureReason,failureDescription,errors)

Summary

Writes the security check failure details to the response. See remarks for more details.

Parameters
Name Type Description
failureReason ASPSecurityKit.OpResult The failure reason.
failureDescription System.String The failure description.
errors System.Collections.Generic.List{ASPSecurityKit.AuthError} The detailed/additional error information to aid in troubleshooting.

Remarks

Regarding the information to be written, the default implementations follow the guidelines mentioned for OpException. Briefly, the HTTP status code is first determined using OpResultToStatusCode; if it is 500, InternalServerError is written to the response rather than the provided failure parameters. However, if IsDevelopmentEnvironment is true, the failure parameters are written to the response regardless of the status code. On API platforms, the default implementations write errors in JSON format. On mix platforms, the default implementations determine whether the call is an API call; if it is, they write in JSON format; otherwise, they write in plain text format.

WriteToResponseAsync(failureReason,failureDescription,cancellationToken,errors)

Summary

Writes the security check failure details to the response. See remarks for more details.

Parameters
Name Type Description
failureReason ASPSecurityKit.OpResult The failure reason.
failureDescription System.String The failure description.
cancellationToken System.Threading.CancellationToken The cancellation token.
errors System.Collections.Generic.List{ASPSecurityKit.AuthError} The detailed/additional error information to aid in troubleshooting.

Remarks

Regarding the information to be written, the default implementations follow the guidelines mentioned for OpException. Briefly, the HTTP status code is first determined using OpResultToStatusCode; if it is 500, InternalServerError is written to the response rather than the provided failure parameters. However, if IsDevelopmentEnvironment is true, the failure parameters are written to the response regardless of the status code. On API platforms, the default implementations write errors in JSON format. On mix platforms, the default implementations determine whether the call is an API call; if it is, they write in JSON format; otherwise, they write in plain text format.

WriteToResponseAsync(content,statusCode,contentType)

Summary

Writes the specified content to the response along with its type and HTTP status code.

Parameters
Name Type Description
content System.String The text to be written to the response.
statusCode System.Int32 The HTTP status code. Default is 200.
contentType System.String The content type. Default is ‘text/plain’.

Exceptions
Type Description
System.ArgumentNullException When either content or contentType is null/empty/whitespace.

WriteToResponseAsync(content,cancellationToken,statusCode,contentType)

Summary

Writes the specified content to the response along with its type and HTTP status code.

Parameters
Name Type Description
content System.String The text to be written to the response.
cancellationToken System.Threading.CancellationToken The cancellation token.
statusCode System.Int32 The HTTP status code. Default is 200.
contentType System.String The content type. Default is ‘text/plain’.

Exceptions
Type Description
System.ArgumentNullException When either content or contentType is null/empty/whitespace.

WriteToResponseAsync(model,statusCode)

Summary

Writes the specified model to the response serialized as JSON along with the specified HTTP status code.

Parameters
Name Type Description
model System.Object The model object to be serialized as JSON and written to the response.
statusCode System.Int32 The HTTP status code. Default is 200.

Exceptions
Type Description
System.ArgumentNullException When model is null.

WriteToResponseAsync(model,cancellationToken,statusCode)

Summary

Writes the specified model to the response serialized as JSON along with the specified HTTP status code.

Parameters
Name Type Description
model System.Object The model object to be serialized as JSON and written to the response.
cancellationToken System.Threading.CancellationToken The cancellation token.
statusCode System.Int32 The HTTP status code. Default is 200.

Exceptions
Type Description
System.ArgumentNullException When model is null.

ValidateForXssAsync()

Summary

Performs XSS validation on the input data related to this request instance.

Parameters

This method has no parameters.

Exceptions
Type Description
ASPSecurityKit.Xss.XssDetectedException When XSS characters are found.

Remarks

The default implementations make use of Validate, passing it the input model, but don’t handle any exceptions, including XssDetectedException. Execute invokes this method and handles exceptions (if any) as per its standard approach.

ValidateForXssAsync(cancellationToken)

Summary

Performs XSS validation on the input data related to this request instance.

Parameters
Name Type Description
cancellationToken System.Threading.CancellationToken The cancellation token.

Exceptions
Type Description
ASPSecurityKit.Xss.XssDetectedException When XSS characters are found.

Remarks

The default implementations make use of Validate, passing it the input model, but don’t handle any exceptions, including XssDetectedException. Execute invokes this method and handles exceptions (if any) as per its standard approach.

GetPermissionCodeAsync(req,dto)

Summary

Gets the permission code for the specified request.

Returns

The permission code for the specified request.

Parameters
Name Type Description
req ServiceStack.Web.IRequest The request.
dto System.Object The request dto.

GetPermissionCodeAsync(req,dto,cancellationToken)

Summary

Gets the permission code for the specified request.

Returns

The permission code for the specified request.

Parameters
Name Type Description
req ServiceStack.Web.IRequest The request.
dto System.Object The request dto.
cancellationToken System.Threading.CancellationToken The cancellation token.