Restricting Services

This page has moved to docs.servicestack.net/restricting-services

Restrict Services

You can change the Visibility and Access restrictions on any service using the new [Restrict] attribute. This is a class based attribute and should be placed on your Service class. Visibility affects whether or not the service shows up on the public /metadata pages, whilst access restrictions limits the accessibility of your services.

Named Configurations

The Restrict attribute includes a number of Named configurations for common use-cases. E.g You can specify a Service should only be available from your local machine with:

[Restrict(LocalhostOnly = true)]
public class LocalAdmin { }

Which ensures access to this service is only allowed from localhost clients and the details of this service will only be visible on /metadata pages that are viewed locally.

This is equivalent to using the underlying granular form of specifying individual RequestAttributes, e.g:

[Restrict(AccessTo = RequestAttributes.Localhost, VisibilityTo = RequestAttributes.Localhost)]
public class LocalAdmin { }

There are many more named configurations available. You can use VisibleInternalOnly to only have a service listed on internally viewed /metadata pages with:

[Restrict(VisibleInternalOnly = true)]
public class InternalAdmin { }

Services can be restricted on any EndpointAttribute, e.g. to ensure this service is only called by XML clients, do:

[Restrict(RequestAttributes.Xml)]
public class XmlOnly { }

Restriction Combinations

Likewise you can add any combination of Endpoint Attributes together, E.g. this restricts access to service to Internal JSON clients only:

[Restrict(RequestAttributes.InternalNetworkAccess | RequestAttributes.Json)]
public class JsonInternalOnly { }

Multiple restriction scenarios

It also supports multiple restriction scenarios, E.g. This service is only accessible by internal JSON clients or External XML clients:

[Restrict(
    RequestAttributes.InternalNetworkAccess | RequestAttributes.Json,
    RequestAttributes.External | RequestAttributes.Xml)]
public class JsonInternalOrXmlExternalOnly { }

A popular configuration that takes advantage of this feature would be to only allow HTTP plain-text traffic from Internal Networks and only allow external access via secure HTTPS, which you can enforce with:

[Restrict(RequestAttributes.InSecure | RequestAttributes.InternalNetworkAccess,
          RequestAttributes.Secure   | RequestAttributes.External)]
public class InternalHttpAndExternalHttps { }

Wiki home

Getting Started
1. Creating your first project
2. Create Service from scratch
3. Your first webservice explained
4. Example Projects Overview
5. Learning Resources
Designing APIs
1. ServiceStack API Design
2. Designing a REST-ful service with ServiceStack
3. Simple Customer REST Example
4. How to design a Message-Based API
5. Software complexity and role of DTOs
Reference
1. Order of Operations
2. The IoC container
3. Configuration and AppSettings
4. Metadata page
5. Rest, SOAP & default endpoints
6. SOAP support
7. Routing
8. Service return types
9. Customize HTTP Responses
10. Customize JSON Responses
11. Plugins
12. Validation
13. Error Handling
14. Security
15. Debugging
16. JavaScript Client Library (ss-utils.js)
Clients
1. Overview
2. C#/.NET client
  1. .NET Core Clients
3. Add ServiceStack Reference
4. Silverlight client
5. JavaScript client
  1. Add TypeScript Reference
6. Dart Client
7. MQ Clients
Formats
1. Overview
2. JSON/JSV and XML
3. HTML5 Report Format
4. CSV Format
5. MessagePack Format
6. ProtoBuf Format
View Engines 4. Razor & Markdown Razor
- Razor Notes
- View and Template Selection
- Compiled Razor Views
- Razor Views vs Content Pages
- Self-Hosted Razor Views
1. Markdown Razor
Hosts
1. IIS
2. Self-hosting
3. Messaging
4. Mono
Security
1. Authentication
2. Sessions
3. Restricting Services
4. Encrypted Messaging
Advanced
1. Configuration options
  - Run ServiceStack side-by-side with another web framework
2. Access HTTP specific features in services
3. Logging
4. Serialization/deserialization
5. Request/response filters
6. Filter attributes
7. Concurrency Model
8. Built-in profiling
9. Form Hijacking Prevention
10. Auto-Mapping
11. HTTP Utils
12. Dump Utils
13. Virtual File System
14. Config API
15. Physical Project Structure
16. Modularizing Services
17. MVC Integration
18. ServiceStack Integration
19. Embedded Native Desktop Apps
20. Auto Batched Requests
21. Versioning
22. Multitenancy
Caching
Caching Providers
HTTP Caching 1. CacheResponse Attribute 2. Cache Aware Clients
Auto Query
Overview
Why Not OData
AutoQuery RDBMS
AutoQuery Data 1. AutoQuery Memory 2. AutoQuery Service 3. AutoQuery DynamoDB
Server Events
1. Overview
2. JavaScript Client
3. C# Server Events Client
4. Redis Server Events
Service Gateway
1. Overview
2. Service Discovery
Encrypted Messaging
1. Overview
2. Encrypted Client
Plugins
1. Auto Query
2. Server Sent Events
3. Swagger API
4. Postman
5. Request logger
6. Sitemaps
7. Cancellable Requests
8. CorsFeature
Tests
1. Testing
2. HowTo write unit/integration tests
ServiceStackVS
1. Install ServiceStackVS
2. Add ServiceStack Reference
3. TypeScript React Template
4. React, Redux Chat App
5. AngularJS App Template
6. React Desktop Apps
Other Languages
1. FSharp
  1. Add ServiceStack Reference
2. VB.NET
  1. Add ServiceStack Reference
3. Swift
4. Swift Add Reference
5. Java
Amazon Web Services
ServiceStack.Aws
PocoDynamo
AWS Live Demos
Getting Started with AWS
Deployment
1. Deploy Multiple Sites to single AWS Instance
  1. Simple Deployments to AWS with WebDeploy
2. Advanced Deployments with OctopusDeploy
Install 3rd Party Products
1. Redis on Windows
2. RabbitMQ on Windows
Use Cases
1. Single Page Apps
2. HTML, CSS and JS Minifiers
3. Azure
4. Connecting to Azure Redis via SSL
5. Logging
6. Bundling and Minification
7. NHibernate
Performance
1. Real world performance
Other Products
1. ServiceStack.Redis
2. ServiceStack.OrmLite
3. ServiceStack.Text
Future
1. Roadmap

Provide feedback

Saved searches