base.OnAuthenticated calling OnSaveSession, not OnSaveSessionSync

taglius · July 12, 2021, 2:11pm

Finally got to update my older servicestack updated this week, and it looks like most is working, although I did find an issue after replacing OnSaveSession with OnSaveSessionAsync - my custom session lengths weren’t working anymore. After putting back the former, it looks like base.OnAuthenticated is still calling it, so it’s not completely obsolete yet.

mythz · July 12, 2021, 2:33pm

Which OnAuthenticated()? i.e. what class is calling it?

taglius · July 12, 2021, 2:37pm

Sorry, it’s my custom CredentialsAuthProvider, which (now) inherits off of CredentialsAuthProviderSync

mythz · July 12, 2021, 2:39pm

Then it needs to call OnSaveSession(), it wont when you upgrade to inherit from the default CredentialsAuthProvider.

taglius · July 12, 2021, 5:33pm

thank you. Would you happen to have a full example of an async CustomCredentialsAuthProvider- the template on the page below doesn’t compile (it appears that the implementation of AuthenticateAsync and OnAuthenticatedAsync are combined). I also didn’t see any in the SS unit tests beyond trivial a example.

https://docs.servicestack.net/authentication-and-authorization

mythz · July 12, 2021, 5:38pm

You should only need to change your sync methods to async, namely:

Add an *Async suffix
Add an optional CancellationToken as its last parameter
Return a Task<T> for T return types or Task for void methods

E.g.

int Add(int value); // sync method to async => 

Task<int> AddAsync(int value, CancellationToken token = default);

I’ve updated the docs to include the correct overrides, e.g:

public class CustomCredentialsAuthProvider : CredentialsAuthProvider
{
    public override async Task<bool> TryAuthenticateAsync(IServiceBase authService, 
        string userName, string password, CancellationToken token=default)
    {
        //Add here your custom auth logic (database calls etc)
        //Return true if credentials are valid, otherwise false
    }

    public override async Task<IHttpResult> OnAuthenticatedAsync(IServiceBase authService, 
        IAuthSession session, IAuthTokens tokens, Dictionary<string, string> authInfo, 
        CancellationToken token=default)
    {
        //Fill IAuthSession with data you want to retrieve in the app eg:
        session.FirstName = "some_firstname_from_db";
        //...

        //Call base method to Save Session and fire Auth/Session callbacks:
        return await base.OnAuthenticatedAsync(authService, session, tokens, authInfo, token);

        //Alternatively avoid built-in behavior and explicitly save session with
        //session.IsAuthenticated = true;
        //await authService.SaveSessionAsync(session, SessionExpiry, token);
        //authService.Request.Items[Keywords.DidAuthenticate] = true;
        //return null;
    }
}