How can I share AuthUserSession across multiple applications under the same root domain? i.e we already have an mvc+servicestack application running (test.com) and now are adding another mvc application using asp.net core at two.test.com. Users authenticate at test.com.
I’ve done the following:
Using OrmLiteCacheClient for shared session/cache
Session cookie is shared via browser(RestrictAllCookiesToDomain) and null for localhost
two.test.com’s controllers are derived from ServiceStackController
In two.test.com, SessionFeature.GetSessionKey() throws - NotImplementedException: This AppHost does not support accessing the current Request via a Singleton
Shouldn’t the Session be populated in two.test.com?
You can only call SessionFeature.GetSessionKey() without the request context in ASP.NET .NET 4.5 Apps, in other AppHosts you need to provide the IRequest context for the current request.
How can I use [Authenticate] / [Authorize] attributes in my controller in two.test.com? how can I ensure that the current user’s session is loaded from the session/cache and those attributes play well?
Yes. I took a .net core sample from the github, changed from memory cache to PostgreSQL cache. Running two applications on localhost. First application logs a user in and sets the session cookie on localhost. I see active session in the db.
On the second application(core), when a request hits an action/ controller with Authenticate attribute, it redirects to sign in.
Hmm I’m not sure if I understand this correctly. So regardless of whether a user has been authenticated from the first endpoint or not, I’d still need to /auth the user in the second endpoint?
No that’s just used to check whether ServiceStack thinks you’re authenticated or not? i.e. whether the issue is in your configuration or in ServiceStackController’s .NET Core impl.
If you’re getting a 401 ServiceStack is indicating that the Session Id provided doesn’t point to an Authenticated User Session.
Check the HTTP Request Headers for both Apps to ensure they contain the exact same Session Cookies
Check that your Auth/Cache configuration is exactly the same
Check that this returns a valid User Session in both apps:
var sessionId = req.GetSessionId(); // or try hard-coded sessionId string
var sessionKey = SessionFeature.GetSessionKey(sessionId);
var session = req.GetCacheClient().Get<IAuthSession>(sessionKey);
All three looked good. The issue was that sample app had CustomUserSession and therefore ‘__type’ in the stored session was not matching with my app. Worked after fixing this! Is there a way to get around this without having to share the same type?
Leave it as the default AuthUserSession, i.e. don’t use a CustomUserSession. Also I don’t see how the Auth Configuration would be exactly the same in both Apps if they both didn’t have access to the same CustomUserSession.