ServiceStack Authentication [Authenticate] Attribute Fails to Process the ss-id and ss-pid -
i created testservice calls authenticateservice
, authenticates user. before calling testservice cleared of cookies make sure once response ss-id
, ss-pid
cookies, get.
apphost
configuration: (ss v4.0.8.0)
//plugins plugins.add(new razorformat()); plugins.add(new sessionfeature()); plugins.add(new authfeature(() => new customusersession(), new iauthprovider[] { new customcredentialsauthprovider() })); container.register<icacheclient>(new memorycacheclient());
my customcredentialsauthprovider
:
public class customcredentialsauthprovider : credentialsauthprovider { public override bool tryauthenticate(iservicebase authservice, string username, string password) { // custom auth logic // return true if credentials valid, otherwise false // bool isvalid = membership.validateuser(username, password); return true; } public override void onauthenticated(iservicebase authservice, iauthsession session, iauthtokens tokens, dictionary<string, string> authinfo) { base.onauthenticated(authservice, session, tokens, authinfo); var loginmanager = authservice.tryresolve<loginmanager>(); var logininfo = loginmanager.getlogininfo(session.userauthname); authservice.savesession(logininfo.customusersession, sessionexpiry); } }
my testservice
:
public class testservice : service { public object any(test request) { var response = new testresponse(); var authservice = base.resolveservice<authenticateservice>(); var authresponse = authservice.authenticate(new authenticate { username = "user", password = "password", rememberme = false }); base.request.responsecontenttype = mimetypes.html; //temporary workaround, not needed in v4.0.9+ return response; } }
so, recap. hit testservice, authenticate user, return response , make sure response contains ss-id
, ss-pid
cookies. try hit service has [authenticate]
attribute. breakpoint in service never hits , response in browser.
handler request not found:
request.httpmethod: request.pathinfo: /login request.querystring: servicestack.namevaluecollectionwrapper
request.rawurl:/login?redirect=http%3a%2f%2flocalhost%3a50063%2fbop%2fbasic-info-2
i have tried applying [authenticate]
attribute on service method , on whole service, same result. have tested can service methods if [authenticate]
attribute commented out, works, not service config issue or route issue.
i created 2 service methods /basic-info-1
, /basic-info-2
. /basic-info-2
has [authenticate]
attribute , basic-info-1
not. after authenticating, able basic-info-1
without issues , have confirmed can session information saved in onauthenticated()
method. /basic-info-2
handler error.
i not sure happens in [authenticate]
attribute looks of handler error, authentication fails , ss tries redirect me /login
not exist in project hence handler error. wonder why authenticate attribute not recognizing ss-id
, ss-pid
cookies?
diagnosis:
you should check session being returned in unauthenticated method (/basic-info-1
), after have authenticated using /test
. if session working correctly should see userauthid
, userauthname
, id
correctly set on session. doesn't appear these correctly set , [authenticate]
attribute therefore doesn't see valid session.
likely problem:
the problem in onauthenticated
method, loginmanager
not correctly returning these values when save session.
from code:
var loginmanager = authservice.tryresolve<loginmanager>(); var logininfo = loginmanager.getlogininfo(session.userauthname); authservice.savesession(logininfo.customusersession, sessionexpiry);
logininfo.customusersession.userauthid
null
logininfo.customusersession.userauthname
null
logininfo.customusersession.id
null
solution:
correctly set attributes before calling savesession
.
Comments
Post a Comment