How to attach Header to Session after authentication

I know I can attach a request Header into a AuthSession in the TryAuthenticate method, but that is only fired once when we authenticate…

As an example, I would like to:

  1. Authenticate with the API credentials
  2. For now on, all queries need to have a X-CompanyId header, that I will use in each request

I didn’t want to have routes like GET /users/{CompanyId} but a simple GET /users

I also know that I can “append” something like this to every single request:

var header = HttpContext.Current.Request.Headers["X-CompanyId"];
if (header == null)
    return HttpError.Unauthorized("X-CompanyId header not found!");

Guid companyId;
if (!Guid.TryParse(header, out companyId))
    return HttpError.Unauthorized("X-CompanyId header is not a valid GUID type!");

but that’s just bad coding, at least I could wrap it up in an Extension Method…

Is there anything I can override of make use just like

var session = this.SessionAs<CustomAuthSession>();

so I can get hold of the header inside the session, or my only way is actually create an Extension Method to retrieve the custom header for each request?

Or, the best principle would be to authenticate once again soon the CompanyId is known and I would then attach the CompanyId through the TryAuthenticate override?

If you save the CompanyId in a CustomAuthSession on Authentication then it will already be available from the CustomAuthSession in subsequent requests without needing any additional CompanyId HTTP Headers.

Yes, I’m aware of that, but I was wondering if I could also populate the session after the authentication, but from all examples I did, I simply can’t.

I only have 2 options as I could also see:

  1. Create an Extension Method that extracts the customer header for each call
  2. Re-Authenticate once I know the CompanyID and only here I will be able to attach the CompanyID to the session inside the TryAuthenticate override…

The OnAuthenticated() event on the Session or IAuthEvents is fired after authentication and the session is saved afterwards so any changes to the session should be persisted, so you should just be able to do:

public class CustomUserSession : AuthUserSession
    public string CompanyId { get; set; }

    public override void OnAuthenticated(IServiceBase authService, 
        IAuthSession session, IAuthTokens tokens, Dictionary<string, string> authInfo)
        this.CompanyId = authService.Request.GetHeader("X-CompanyId");

And the CompanyId should be available in the Session on subsequent requests.

Changing the CompanyId in a Request Filter

Re-authenticating is unnecessary, but if you want to set or re-assign the CompanyId on the Custom UserSession in a Request Filter you can do something like this:

GlobalRequestFilters.Add((req, res, dto) => {
    var companyId = req.GetHeader("X-CompanyId");
    if (!string.IsNullOrEmpty(companyId))
        var session = (CustomUserSession)req.GetSession();
        session.CompanyId = companyId;