Customized CredentialsAuthProvider not persisting UserAuthDetails

ServiceStack Authentication
1

I’ve written a custom CredentialsProvider where I’ve overridden TryAuthenticate and OnAuthenticated.

My On Authenticated looks like the following:

public override IHttpResult OnAuthenticated(IServiceBase authService, IAuthSession session, IAuthTokens tokens, Dictionary<string, string> authInfo)
        {
            var dbFactory = authService.ResolveService<IDbConnectionFactory>();

            using (var db = dbFactory.Open())
            {
                var user = db.LoadSelect<User>(x => x.Email.ToLower() == session.UserAuthName.ToLower()).FirstOrDefault();

                var roles = LoadRoles(db, user);
                var permissions = LoadPermissions(db, user);

                session.UserAuthId = user.Id.ToString();
                session.FirstName = user.FirstName;
                session.LastName = user.LastName;
                session.DisplayName = user.FirstName + " " + user.LastName;
                session.Email = user.Email;
                session.UserName = user.Email;
                session.Roles = roles;
                session.Permissions = permissions;
            }
            return base.OnAuthenticated(authService, session, tokens, authInfo);
        }

Yet nothing is ever persisted to the UserAuthDetails table. My Auth Features are setup as follows:

new AuthFeature(() => new AuthUserSession(), new IAuthProvider[]
                {
                    new CustomAuthProvider()
                    {
                        PersistSession = true
                    }
                })

I see here where this.SaveSession is called in the base.OnAuthenticated, which checks for PersistSession, but it’s never persisted even though I return base.OnAuthenticated.

2

If it calls SaveSession() it should be call Saving the Session when it eventually calls OnSaveSession on your AppHost:

So I’d look at overriding the above API in your AppHost and add a debug breakpoint to see if it’s getting called, if it is then the Session is getting persisted in the registered ICacheClient as seen on line #551.

3

Maybe I am just misunderstanding the purpose of the UserAuthDetails table. OnSaveSession gets hit, the GetCacheClient() returns the in memory cache client.

When changing to the OrmLiteCacheClient, the sesssion is saved in CacheEntry, but nothing is saved in the UserAuthDetails table. I thought that UserAuthDetails was essentially an instance of an authenticated session, to be persisted to upon a successful authentication event.

4

Checkout the Authentication docs, the User Auth Repositories is the back-end persistence for Users which are persisted in the UserAuth and UserAuthDetails tables and is the source used for Authenticating Users.

But the UserSession is only persisted in the registered ICacheClient after successful authentication. To validate whether a User is Authenticated, ServiceStack only checks whether the user has an Authenticated UserSession persisted in the registered Cache identified by the Session Cookie Ids.

The exception are IAuthWithRequest Auth Providers like JWT and API Key Auth Providers in which authentication is included with each request in which case the Authenticated UserSession is populated on the IRequest object (i.e. not in the Cache).

5

Well that makes perfect sense, I guess my last question is, what is the UserAuthDetails table for?

6

It’s used by OAuth Providers for persisting verified OAuth Request and Access Tokens.

1 Like