base.OnAuthenticated calling OnSaveSession, not OnSaveSessionSync

Finally got to update my older servicestack updated this week, and it looks like most is working, although I did find an issue after replacing OnSaveSession with OnSaveSessionAsync - my custom session lengths weren’t working anymore. After putting back the former, it looks like base.OnAuthenticated is still calling it, so it’s not completely obsolete yet.

Which OnAuthenticated()? i.e. what class is calling it?

Sorry, it’s my custom CredentialsAuthProvider, which (now) inherits off of CredentialsAuthProviderSync

Then it needs to call OnSaveSession(), it wont when you upgrade to inherit from the default CredentialsAuthProvider.

thank you. Would you happen to have a full example of an async CustomCredentialsAuthProvider- the template on the page below doesn’t compile (it appears that the implementation of AuthenticateAsync and OnAuthenticatedAsync are combined). I also didn’t see any in the SS unit tests beyond trivial a example.

You should only need to change your sync methods to async, namely:

  • Add an *Async suffix
  • Add an optional CancellationToken as its last parameter
  • Return a Task<T> for T return types or Task for void methods


int Add(int value); // sync method to async => 

Task<int> AddAsync(int value, CancellationToken token = default);

I’ve updated the docs to include the correct overrides, e.g:

public class CustomCredentialsAuthProvider : CredentialsAuthProvider
    public override async Task<bool> TryAuthenticateAsync(IServiceBase authService, 
        string userName, string password, CancellationToken token=default)
        //Add here your custom auth logic (database calls etc)
        //Return true if credentials are valid, otherwise false

    public override async Task<IHttpResult> OnAuthenticatedAsync(IServiceBase authService, 
        IAuthSession session, IAuthTokens tokens, Dictionary<string, string> authInfo, 
        CancellationToken token=default)
        //Fill IAuthSession with data you want to retrieve in the app eg:
        session.FirstName = "some_firstname_from_db";

        //Call base method to Save Session and fire Auth/Session callbacks:
        return await base.OnAuthenticatedAsync(authService, session, tokens, authInfo, token);

        //Alternatively avoid built-in behavior and explicitly save session with
        //session.IsAuthenticated = true;
        //await authService.SaveSessionAsync(session, SessionExpiry, token);
        //authService.Request.Items[Keywords.DidAuthenticate] = true;
        //return null;