Custom session not saving to cache

ultimatemonty · May 26, 2015, 9:18pm

I’m trying to use a custom session that has some additional props on it that we need. I have a custom user repository since we’re storing the user data in our own table instead of the UserAuth table and a custom user session to contain the additional data we need. The authentication request is going through with no issues but the session is not saving to the cache - if I examine base.GetSession(): in a ServiceInterface method it’s empty with the exception of the sessionId and the createdDate.

I think the issue is I’m not populating the data in the appropriate hook and not saving the session in the appropriate hook but I’m not sure where I should be doing both of those.

I have a gist up at https://gist.github.com/ultimatemonty/12a46ae3595e2729b4ac that shows the existing code. Thanks in advance! I love building APIs with SS - so easy to reason about!

mythz · May 27, 2015, 2:13am

Firstly since the AuthUserSession DTO is a DataContract you’ll also want to annotate each property with [DataMember], e.g:

[DataContract]
public class CustomAuthUserSession : AuthUserSession
{
    [DataMember]
    public bool SubscriptionValid { get; set; }
}

Other than that OnAuthenticated() should save the session but since you’re passing in the wrong Session instance your customSession wont get saved, so you should change your call from:

var response = OnAuthenticated(authService, session, null, null);

to:

var response = OnAuthenticated(authService, customSession, null, null);

ultimatemonty · May 27, 2015, 2:38am

Awesome those two things did the trick! Makes perfect sense now that I take a step back - could’t see the forest for the trees!

ultimatemonty · May 27, 2015, 3:08am

@mythz is there anything additional required to get the [Authenticate] attribute functioning when using custom sessions?

I’m using Postman to send requests with the x-ss-id header and keep getting 401 responses. Inspected the session returned by this.GetSession() in the service method and it has the correct sessionId but IsAuthenticated is false.

mythz · May 27, 2015, 4:25am

The correct headers should be X-ss-id by default or X-ss-pid if you’ve authenticated with ?RememberMe=true.

Also note there’s special support for send authenticated requests with Postman which can be enabled with:

Plugins.Add(new PostmanFeature { 
    EnableSessionExport = true
});

Where you can go to /postman?exportSession=true in an authenticated browser and it will redirect you to a url populated with your session ids that you can paste into postman so it populates cookies on future postman requests allowing you to make authenticated requests with Postman.

ultimatemonty · May 28, 2015, 1:42pm

Thanks!

I’m not sure how the Postman plugin would help me with the authentication issue?

My process right now is to send an request to /auth/credentials that then gives me back a sessionId. I then add that sessionId to the headers of the service I’m testing using the X-ss-id header. I’m still getting the 401 after generating the new session and adding that sessionId to the request.

mythz · May 28, 2015, 2:44pm

You said earlier you’re trying to authenticate with Postman? The /postman?exportSession=true feature redirects to a url that you can request from postman to import the authenticated users session which will be add the session cookies to subsequent postman requests - allowing you to make authenticated requests with Postman.

The X-ss-id sessionId is used when ?RememberMe=false, you can try sending X-ss-pid header instead which is required if authentication was made with ?RememberMe=true. If it’s still doesn’t authenticate please provide the full HTTP Request/Response Headers of the Authentication request (i.e. /auth/credentials) and the Postman request that includes the HTTP Header.