Authentication on dynamically added route

Question

There are an option in ServiceStack to add routes dynamically, using IAppHost.Routes.Add. This is quite handy as it allows reusable services to be packed in a form of plugin and attached to actual applications.

To illustrate, here's an excerpt of application host configuration that enables a plugin and attaches routes:

class AppHost: AppHostHttpListenerBase {
    public override void Configure(Container container) {
        // other stuff
        Plugins.Add(new MyReusablePlugin());
        Routes.Add(typeof(string), "/stuff", "GET");
        Routes.Add(typeof(string), "/other-stuff", "POST");
    }
}

The problem is, I can't find a way to specify that authentication is required for those dynamically added routes. As of ServiceStack 4.0.15 there are no overload to Routes.Add that allow specifying that those routes require authentication. Is it possible (maybe in newer versions)?

Ideally, such a mechanism should support specifying roles/permissions, just like RequiredRoleAttribue or RequiresAnyRoleAttribute.

One more thing: I'm aware of Global request filters and it looks like they are a bit too global to be a valid solution here, but I might be wrong. If it's possible to achieve the same result (including ability to specify required roles/permissions) using request filters I would be glad to accept an example of such apporach as an answer.

Answer 1

You can do this using the AddAttributes extension method provided on Type:

typeof(YourType).AddAttributes(new RequiredRoleAttribute("Admin"));

So you would need to do this in addition to the Routes.Add method.