I'm trying to manually create an IAuthSession and save it, so I can use the attribute [Authenticate] on my methods, but it doesn't seem to work.
So, I have my LoginHandler : Service where I do some custom code to login a user, and then I do:
namespace RequestHandlers
{
    public class LoginHandler : Service
    {
        public object Post(Login request)
        {
            // do magic login code
            if (loginSuccess)
            {
                IAuthSession session = GetSession();
                session.FirstName = "My First name";
                session.IsAuthenticated = true;
                base.Request.SaveSession(session); // save the session??
            }
            else
            {
                throw new UnauthorizedAccessException(pc.GetFaultString());
            }
            return new LoginResponse() { Result = "OK" };
        }
    }
}
It was then my hope that base.Request.SaveSession(session); would save the Session so that ServiceStack would later detect it and see that "aha, a protected method is allowed, since the user is logged in".
The response for the Login call is (in Fiddler):
HTTP/1.1 200 OK
Transfer-Encoding: chunked
Content-Type: application/json; charset=utf-8
Vary: Accept
Server: Microsoft-HTTPAPI/2.0
Set-Cookie: ss-id=TwOJExNFhBuVuDna1aDO;path=/;HttpOnly
Set-Cookie: ss-pid=O4bJqgiLWRTFTOgcf2DD;path=/;expires=Mon, 08 Feb 2038 12:39:30 GMT;HttpOnly
X-Powered-By: ServiceStack/5,02 NET45 Win32NT/.NET
Date: Thu, 08 Feb 2018 12:39:31 GMT
f
{"Result":"OK"}
0
So, I get some cookie with a pid, I take that as the session id?
Now, the Test method should be available after I run the Login above, right? =)
namespace tWorks.Alfa.Modules.ModuleRestApiService.Services.AlfaConnectService.Requests
{
    [Authenticate]
    [Route("/test")]
    public class Test : IReturn<TestResponse>
    {
        public string Message { get; set; }
    }

    public class TestResponse
    {
        public string Result { get; set; }
    }
}
But it's not, I get a 401 error:
HTTP/1.1 401 Unauthorized
Transfer-Encoding: chunked
Vary: Accept
Server: Microsoft-HTTPAPI/2.0
X-Powered-By: ServiceStack/5,02 NET45 Win32NT/.NET
WWW-Authenticate: basic realm="/auth/basic"
Date: Thu, 08 Feb 2018 12:40:12 GMT
0
The call from Fiddler for Test is this:
POST http://192.168.0.147:8080/alfaconnect/test HTTP/1.1
Host: 192.168.0.147:8080
Accept: application/json
Content-Type: application/json
Content-Length: 18
DeviceUUID: 123asd123
Domain: AlfaOnline
Cookie: ss-id=TwOJExNFhBuVuDna1aDO
Cookie: ss-pid=O4bJqgiLWRTFTOgcf2DD
{"Message": "Hej"}
As you can see, I copied the ss-id and ss-pid from the Login response to the Test call.
What am I missing?
Here is my AppHost:
public class AppHost : AppSelfHostBase
{
    public AppHost(IModuleController moduleController, IContactModule contactModule) : base("HttpListener Self-Host", typeof(Services.AlfaProService.AlfaProService).Assembly)
    {
    }

    public override void Configure(Funq.Container container)
    {
        Plugins.Add(new AuthFeature(() => new AuthUserSession(),
            new IAuthProvider[] {
                new BasicAuthProvider(), //Sign-in with HTTP Basic Auth
                new CredentialsAuthProvider(), //HTML Form post of UserName/Password credentials
            }));
        container.Register<ICacheClient>(new MemoryCacheClient());
        var userRep = new InMemoryAuthRepository();
        container.Register<IUserAuthRepository>(userRep);
    }

    public override RouteAttribute[] GetRouteAttributes(Type requestType)
    {
        var routes = base.GetRouteAttributes(requestType);
        if (requestType.FullName.Contains("AlfaConnectService"))
        {
            routes.Each(x => x.Path = "/alfaconnect" + x.Path);
        }
        else if (requestType.FullName.Contains("AlfaProService"))
        {
            routes.Each(x => x.Path = "/alfapro" + x.Path);
        }
        return routes;
    }
}
ServiceStack also requires the session.UserAuthName to be set to the Username.
All ServiceStack's constructs are designed to work together, if you're not going to use ServiceStack's AuthProvider model just ignore it and implement your own Authentication. i.e. ignore all of ServiceStack's built-in Auth/Session features and use your own filters/validation instead.
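
The change described in the answer above, applied to the question's login service, as an added example that is not part of the original posts. The Login DTO properties (UserName, Password) and the ILegacyLogin interface are assumptions standing in for code the question does not show.

```csharp
using ServiceStack;
using ServiceStack.Auth;

// Assumed DTO shape; the question does not show the Login request class.
public class Login : IReturn<LoginResponse>
{
    public string UserName { get; set; }
    public string Password { get; set; }
}

public class LoginResponse
{
    public string Result { get; set; }
}

// Hypothetical interface standing in for the question's "magic login code".
public interface ILegacyLogin
{
    bool TryLogin(string userName, string password, out string firstName);
}

public class LoginHandler : Service
{
    // Public property is auto-wired by Funq; register an implementation
    // in AppHost.Configure() (assumption, not shown in the question).
    public ILegacyLogin Backend { get; set; }

    public object Post(Login request)
    {
        string firstName;
        if (!Backend.TryLogin(request.UserName, request.Password, out firstName))
            throw HttpError.Unauthorized("Invalid user name or password");

        IAuthSession session = GetSession();
        // The field the answer says ServiceStack requires on the session.
        session.UserAuthName = request.UserName;
        session.FirstName = firstName;
        session.IsAuthenticated = true;

        // Persists the session to the registered ICacheClient
        // (MemoryCacheClient in the question's AppHost).
        Request.SaveSession(session);

        return new LoginResponse { Result = "OK" };
    }
}
```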