Hi! I think there is a problem (or I have a problem?) with the GenerateNewSessionCookiesOnAuthentication = true
parameter in AuthFeature.
I just created a simple ServiceStack ASP.NET Empty Project in VS and here is my AppHost class:
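/// <summary>
/// Minimal ServiceStack host used to reproduce the session-cookie behaviour:
/// it registers CORS, a SQL Server OrmLite connection factory and
/// credentials-based authentication, then seeds one "service" user.
/// </summary>
public class AppHost : AppHostBase
{
    /// <summary>
    /// Default constructor.
    /// Base constructor requires a name and assembly to locate web service classes.
    /// </summary>
    public AppHost()
        : base("simpletestauth", typeof(MyServices).Assembly)
    {
    }

    /// <summary>
    /// Application specific configuration.
    /// This method should initialize any IoC resources utilized by your web service classes.
    /// </summary>
    /// <param name="container">IoC container that receives the registrations.</param>
    public override void Configure(Container container)
    {
        // NOTE(review): CorsFeature is added with its default settings; review the
        // allowed origins before exposing cookie-authenticated services.
        Plugins.Add(new CorsFeature());

        // Placeholder values for the repro. Real credentials belong in protected
        // configuration or a secret store, not in source.
        string connectionString = string.Concat(
            "Server=myserver;",
            "Database=mydb;",
            "Application Name=myappname;",
            "User Id=myuser;",
            "Password=mypassword");

        container.Register<IDbConnectionFactory>(new OrmLiteConnectionFactory(connectionString, SqlServerDialect.Provider));

        ConfigureAuth(container);

        // The original opened a connection here and never closed it. The open is kept
        // (so an unreachable database still surfaces during Configure) but the
        // connection is disposed immediately instead of being leaked.
        using (container.Resolve<IDbConnectionFactory>().Open())
        {
        }
    }

    /// <summary>
    /// Registers the authentication plugin, the cache client that backs sessions,
    /// the OrmLite user repository, and seeds the "service" account if it is missing.
    /// </summary>
    /// <param name="container">IoC container that receives the registrations.</param>
    private void ConfigureAuth(Funq.Container container)
    {
        Plugins.Add(
            new AuthFeature(() => new AuthUserSession(),
                new IAuthProvider[] {
                    new CredentialsAuthProvider(),
                }
            )
            {
                // Issue fresh session cookies on every authentication (session-fixation defence).
                GenerateNewSessionCookiesOnAuthentication = true,
                MaxLoginAttempts = 5
            }
        );

        container.Register<ICacheClient>(new MemoryCacheClient());
        container.Register<IUserAuthRepository>(new OrmLiteAuthRepository(Resolve<IDbConnectionFactory>()));

        var authRepo = (OrmLiteAuthRepository)container.Resolve<IUserAuthRepository>();
        authRepo.InitSchema();

        // Seed the account only when it does not exist yet. The original wrapped
        // CreateUserAuth in an empty catch-all, which hid the expected "already exists"
        // failure on later startups together with every other error.
        if (authRepo.GetUserAuthByUserName("service") == null)
        {
            // Sample account: the password equals the user name. Acceptable for a
            // throw-away repro only; never seed a real account this way.
            authRepo.CreateUserAuth(new UserAuth
            {
                UserName = "service",
                DisplayName = "service displayname",
                Email = "service@service.com",
                Roles = new List<string>(new string[] { "Service" })
            }, "service");
        }
    }
}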
I have only defined my Sql Server connection and registered the standard AuthFeature with the creation of my “service” user on startup.
I then modified the HelloService just to get the current user session:
/// <summary>
/// Hello service restricted to authenticated callers; it echoes details of the
/// caller's current session.
/// </summary>
[Authenticate]
public class MyServices : Service
{
    /// <summary>
    /// Returns the display name and id of the session attached to this request.
    /// </summary>
    /// <param name="request">Incoming Hello request (its contents are not read).</param>
    /// <returns>A <c>HelloResponse</c> whose Result holds the session details.</returns>
    public object Any(Hello request)
    {
        var currentSession = this.GetSession();

        // The session id is echoed for debugging only; a session identifier is a
        // bearer secret and should not appear in response bodies or logs.
        string summary = string.Concat(
            "Username: ", currentSession.DisplayName,
            " - Session: ", currentSession.Id);

        return new HelloResponse { Result = summary };
    }
}
Here the problems begin… If I POST my credentials to log in, the user gets logged in and I can access the HelloService with all my session data…
If I re-send my credentials I get new cookies (as I want with GenerateNewSessionCookiesOnAuthentication = true
) but I get a 401 Unauthorized error; if I then re-send my credentials a third time I can access my HelloService again, and so on…
So it seems I get one valid session for every two credential requests.
Am I wrong, or am I missing something?