Custom Session .HasPermission not being called

Hi, I have finally got round to asking about this as I have some more “sensitive stuff” going on my services now.

I have a custom session that derives from AuthSession, and am registering as per social boostrap as below. This works fine and no problems.

Plugins.Add(new AuthFeature(() => new HarbourAuthUserSession(),
 new IAuthProvider[] { new CredentialsAuthProvider() {SessionExpiry = tenant.LoginExpiry}}));

Within my custom session I have overriddn HasPermission. Even though I have added the following to a service method, it never gets called:

    public object Post(DeleteWaitingListRequest request)
        _waitingListBusiness.Delete(request.WaitingListId, UserSession);
        return new HttpResult(string.Empty, HttpStatusCode.OK);

Strangely though, it does call an overridden HasRole (even though the Service method has no [RequiredRole] attribute.

Any clues - am sure it’s wired up fine, as all overridden methods in the Custom session are being called bar the HasPermission.


It calls session.HasRole(RoleNames.Admin) since anyone in the Admin Role has super-user access that can by-pass Authorization. Is there a chance you’re in the Admin role or your overridden session.HasRole(RoleNames.Admin) returns true?

Ah - didn’t realise Admin was a reserved role. Will try removing myself from that Role. Thanks