Restricting Services
This page has moved to docs.servicestack.net/restricting-services
You can change the Visibility and Access restrictions on any service using the new [Restrict] attribute. This is a class-based attribute and should be placed on your Service class.
Visibility affects whether or not the service shows up on the public /metadata pages, whilst access restrictions limit the accessibility of your services.
The Restrict attribute includes a number of Named configurations for common use-cases. E.g. you can specify that a Service should only be available from your local machine with:
[Restrict(LocalhostOnly = true)]
public class LocalAdmin { }
This ensures that access to this service is only allowed from localhost clients and that the details of this service will only be visible on /metadata pages that are viewed locally.
This is equivalent to using the underlying granular form of specifying individual RequestAttributes, e.g.:
[Restrict(AccessTo = RequestAttributes.Localhost, VisibilityTo = RequestAttributes.Localhost)]
public class LocalAdmin { }
There are many more named configurations available. You can use VisibleInternalOnly to only have a service listed on internally viewed /metadata pages with:
[Restrict(VisibleInternalOnly = true)]
public class InternalAdmin { }
Services can be restricted on any EndpointAttribute, e.g. to ensure this service is only called by XML clients, do:
[Restrict(RequestAttributes.Xml)]
public class XmlOnly { }
Likewise, you can add any combination of Endpoint Attributes together, e.g. this restricts access to the service to Internal JSON clients only:
[Restrict(RequestAttributes.InternalNetworkAccess | RequestAttributes.Json)]
public class JsonInternalOnly { }
It also supports multiple restriction scenarios, e.g. this service is only accessible by internal JSON clients or External XML clients:
[Restrict(
    RequestAttributes.InternalNetworkAccess | RequestAttributes.Json,
    RequestAttributes.External | RequestAttributes.Xml)]
public class JsonInternalOrXmlExternalOnly { }
A popular configuration that takes advantage of this feature would be to only allow HTTP plain-text traffic from Internal Networks and only allow external access via secure HTTPS, which you can enforce with:
[Restrict(
    RequestAttributes.InSecure | RequestAttributes.InternalNetworkAccess,
    RequestAttributes.Secure | RequestAttributes.External)]
public class InternalHttpAndExternalHttps { }
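The matching rule behind the multi-scenario examples above, as an added sketch that is not ServiceStack's own code. `Attr`, `RestrictModel` and the category grouping are hypothetical stand-ins for `RequestAttributes` and its evaluation, assumed here to treat each argument as one allowed scenario and to grant access when any one scenario matches.

```csharp
using System;
using System.Linq;

// Hypothetical stand-in for ServiceStack's RequestAttributes (assumption, reduced set).
[Flags]
enum Attr
{
    Localhost = 1, LocalSubnet = 2, External = 4,   // network
    Secure = 8, InSecure = 16,                      // transport
    Json = 32, Xml = 64,                            // format
    InternalNetworkAccess = Localhost | LocalSubnet,
}

static class RestrictModel
{
    // Assumed grouping: a request carries exactly one flag per category.
    static readonly Attr[] Categories =
    {
        Attr.Localhost | Attr.LocalSubnet | Attr.External,
        Attr.Secure | Attr.InSecure,
        Attr.Json | Attr.Xml,
    };

    // A scenario matches when, in every category it names, the request's flag is listed.
    static bool Matches(Attr scenario, Attr request) =>
        Categories.All(c => (scenario & c) == 0 || (scenario & request & c) != 0);

    // Scenarios are alternatives: one match is enough.
    internal static bool HasAccess(Attr request, params Attr[] scenarios) =>
        scenarios.Any(s => Matches(s, request));
}

static class Program
{
    static void Main()
    {
        // The two scenarios of InternalHttpAndExternalHttps.
        var rules = new[] { Attr.InSecure | Attr.InternalNetworkAccess, Attr.Secure | Attr.External };
        // Constructed sample requests, one flag per category.
        var requests = new (string Name, Attr Attrs)[]
        {
            ("LAN over HTTP", Attr.LocalSubnet | Attr.InSecure | Attr.Json),
            ("Internet over HTTPS", Attr.External | Attr.Secure | Attr.Xml),
            ("Internet over HTTP", Attr.External | Attr.InSecure | Attr.Json),
            ("LAN over HTTPS", Attr.LocalSubnet | Attr.Secure | Attr.Json),
        };
        foreach (var r in requests)
            Console.WriteLine("{0,-20} {1}", r.Name,
                RestrictModel.HasAccess(r.Attrs, rules) ? "allowed" : "denied");
    }
}
```

In this model an internal caller that uses HTTPS matches neither scenario and is denied, so check how your own host treats that case before relying on the two-scenario form.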