Grzegorz Zielinski - 293 - Mar 19, 2014

I have some problems with auth providers.
In my web application I want to use multiple oauth providers (google, facebook etc),
and I have custom registration page.
The user should always perform registration before access to the my webservices.

But in servicestack (SocialBootStrap example) if user selects authentication by one of the oauth providers
is always authenticated - even if the user is not registered
(of course if he pass valid login and password).

How I can control logins via oauth and does not authenticate not registered users ?

I tried to delete session in CustomSession.OnAuthenticated event:
session.IsAuthenticated = false;

but it does not work.

Not sure what you mean that he’s always authenticated if he’s not registered? But you may be asking on how to log the user out?

Grzegorz Zielinski:

Maybe I will give you  an example:

- I run the SocialBootStrap app (on empty database)
- On home page I click “sign in with google”. And I’m authenticated - I can use services with [Authenticate] attribute.

So, I can use service without registration. I do not want this, in my workflow users must first complete the registration procedure. Only after this they can be authenticated.
How to achieve this?

>But you may be asking on how to log the user out

I’m trying to solve the problem in CustomUserSession.OnAuthenticated by removing the session for users not previously registered.

session.IsAuthenticated = false;
or  (authService as AuthenticateService).Delete(null);
not working. I still can use services with [Authenticate] attribute.

BTW: (I wrote about this before) It is not possible to download ServiceStack.pdb files (yes, I have properly configured Some SS pdb files are avaliable but ServiceStack.pdb not.