How should I handle authentication with Nancy?

c# authentication nancy

14,840

Solution 1

As Steven writes Nancy supports basic and form auth out of the box. Have a look these two demo apps to see how to do each: https://github.com/NancyFx/Nancy/tree/master/samples/Nancy.Demo.Authentication.Forms and https://github.com/NancyFx/Nancy/tree/master/samples/Nancy.Demo.Authentication.Basic

From the second of those demos here is a module that requires auth:

namespace Nancy.Demo.Authentication.Forms
{
  using Nancy;
  using Nancy.Demo.Authentication.Forms.Models;
  using Nancy.Security;

  public class SecureModule : NancyModule
  {
    public SecureModule() : base("/secure")
    {
        this.RequiresAuthentication();

        Get["/"] = x => {
            var model = new UserModel(Context.CurrentUser.UserName);
            return View["secure.cshtml", model];
        };
    }
  }
}

and a bootstrapper snippet that sets up form auth in the request pipeline:

    protected override void RequestStartup(TinyIoCContainer requestContainer, IPipelines pipelines, NancyContext context)
    {
        // At request startup we modify the request pipelines to
        // include forms authentication - passing in our now request
        // scoped user name mapper.
        //
        // The pipelines passed in here are specific to this request,
        // so we can add/remove/update items in them as we please.
        var formsAuthConfiguration =
            new FormsAuthenticationConfiguration()
            {
                RedirectUrl = "~/login",
                UserMapper = requestContainer.Resolve<IUserMapper>(),
            };

        FormsAuthentication.Enable(pipelines, formsAuthConfiguration);
    }

Solution 2

I created an example forms auth web application with user management with Nancy for my own learning. It's on Github here if you want to play with it.

https://github.com/GusBeare/Nancy-UserManager

14,840

Author by

Byron Sommardahl

Byron has been developing software since he was 9 years old, coding RPG's on his Commodore 64 and his best friend's Apple IIe. When he was just 14, he developed a driver dispatch program for a large home repair company, a pawn shop management program, and a POS for clothing stores (that one is still in production). Since then, software development has been a constant and consuming passion for Byron. In 2010, Byron and some friends founded a software development company, Acklen Avenue, that has now grown to more than 50 distributed employees and runs multiple simultaneous agile software development projects daily. Byron is a true believer in anything that improves software maintainability, usability, and delivery.

Updated on June 16, 2022

Comments

Byron Sommardahl about 2 years

I started coding a LoginModule for Nancy, but it occurred to me that possibly I need to perform authentication a different way. Is there an accepted way of doing auth in Nancy? I am planning two projects right now: web and json service. I will need auth for both.
Byron Sommardahl about 12 years

This answer is spot on for a website that is powered by Nancy. For a service, there is still something missing from Nancy. I have submitted a pull request (github.com/NancyFx/Nancy/pull/650#issuecomment-6416528) containing a new StatelessAuthentication piece. That type of authentication rounds out Nancy (at least for me) as a really great web or service provider technology.
Goran Obradovic over 10 years

@ByronSommardahl I see your pull request is part of Nancy now. Nice!