Hi, I have finally got round to asking about this as I have some more “sensitive stuff” going on my services now.
I have a custom session that derives from AuthSession, and am registering as per social boostrap as below. This works fine and no problems.
Plugins.Add(new AuthFeature(() => new HarbourAuthUserSession(),
new IAuthProvider[] { new CredentialsAuthProvider() {SessionExpiry = tenant.LoginExpiry}}));
Within my custom session I have overriddn HasPermission. Even though I have added the following to a service method, it never gets called:
[RequiredPermission("WaitingListDelete")]
public object Post(DeleteWaitingListRequest request)
{
_waitingListBusiness.Delete(request.WaitingListId, UserSession);
return new HttpResult(string.Empty, HttpStatusCode.OK);
}
Strangely though, it does call an overridden HasRole (even though the Service method has no [RequiredRole] attribute.
Any clues - am sure it’s wired up fine, as all overridden methods in the Custom session are being called bar the HasPermission.
Thanks