How can I share AuthUserSession across multiple applications under the same root domain? i.e we already have an mvc+servicestack application running (test.com) and now are adding another mvc application using asp.net core at two.test.com. Users authenticate at test.com.
I've done the following:
- Using OrmLiteCacheClient for shared session/cache
- Session cookie is shared via browser(RestrictAllCookiesToDomain) and null for localhost
- I can see that two.test.com is receiving session cookie set by test.com
- two.test.com's controllers are derived from ServiceStackController
In two.test.com, SessionFeature.GetSessionKey() throws - NotImplementedException: This AppHost does not support accessing the current Request via a Singleton
Shouldn't the Session be populated in two.test.com?
You can only call
SessionFeature.GetSessionKey() without the request context in ASP.NET .NET 4.5 Apps, in other AppHosts you need to provide the
IRequest context for the current request.
Got it! Thanks.
How can I use [Authenticate] / [Authorize] attributes in my controller in two.test.com? how can I ensure that the current user's session is loaded from the session/cache and those attributes play well?
Have you tried adding it to your ServiceStackController classes?
Yes. I took a .net core sample from the github, changed from memory cache to PostgreSQL cache. Running two applications on localhost. First application logs a user in and sets the session cookie on localhost. I see active session in the db.
On the second application(core), when a request hits an action/ controller with Authenticate attribute, it redirects to sign in.
When you hit
/auth endpoint from the second App do you get the session or a 401 response?
Hmm I'm not sure if I understand this correctly. So regardless of whether a user has been authenticated from the first endpoint or not, I'd still need to /auth the user in the second endpoint?
No that's just used to check whether ServiceStack thinks you're authenticated or not? i.e. whether the issue is in your configuration or in ServiceStackController's .NET Core impl.
I'm getting an 401.
The home page on the sample todo tells me I am not.
ServiceStack Status (Ajax)
/session has IsAuthenticated: false.
The session is active in cache_entry table. First endpoint is authenticated, second(.net core) is not.
If you're getting a 401 ServiceStack is indicating that the Session Id provided doesn't point to an Authenticated User Session.
- Check the HTTP Request Headers for both Apps to ensure they contain the exact same Session Cookies
- Check that your Auth/Cache configuration is exactly the same
- Check that this returns a valid User Session in both apps:
var sessionId = req.GetSessionId(); // or try hard-coded sessionId string
var sessionKey = SessionFeature.GetSessionKey(sessionId);
var session = req.GetCacheClient().Get<IAuthSession>(sessionKey);
All three looked good. The issue was that sample app had CustomUserSession and therefore '__type' in the stored session was not matching with my app. Worked after fixing this! Is there a way to get around this without having to share the same type?
Thanks a lot!
Leave it as the default
AuthUserSession, i.e. don't use a
CustomUserSession. Also I don't see how the Auth Configuration would be exactly the same in both Apps if they both didn't have access to the same CustomUserSession.
Great. Thanks for the help! I love Servicestack and can't wait for another .net core release targeting 2.0!