How to pass a custom UserId when authenticate?

When authenticate with

http://localhost:11157/auth?Username=email@domain.com&password=123456&format=json

I get:

{
  "userId": null,
  "sessionId": "7xyAX4ogiUWLuHkuCWTb",
  "userName": "email@domain.com",
  "displayName": null,
  "referrerUrl": null,
  "responseStatus": {
    "errorCode": null,
    "message": null,
    "stackTrace": null,
    "errors": null
  },
  "meta": null
}

I’m trying to populate the userId.

I’m using a custom NHibernate AuthRepository that authenticates the user against a Users table as well and not only the UserAuth table… though, I could not yet figure out how to pass a Company to this class as in this project, several emails can exists, they are only unique per companyId …

nevertheless, using a custom provider that inherits CredentialsAuthProvider the last call for the authentication, is made in OnAuthenticated and that returns null … hence I could not change the IHttpResult that method returns…

I’m sure this must be easier… can anyone share your authentication solution when you need a company (or other data) in the registration/authentication?

Anything you pass in the QueryString is accessible in your filter or custom auth provider as normal via Request.QueryString["UserId"]
otherwise you can send custom metadata in the Authenticate Request DTO by adding them to the Meta string dictionary.

Hi @mythz

I’m not saying you’re wrong, but I have no access to the HttpContext object inside the Repository:

That’s why I’m having some hard time to get data from the registration.

and btw, seting any Meta data in the Repository like:

newUser.Set(user.Guid);

var nhSession = GetCurrentSessionFn(sessionFactory);
nhSession.Save(new CustomUserAuthNHibernate(newUser));

I still get

{
   ...
   "meta": null
}

The repository wont have access to HTTP Request it’s only for persisting the UserAuth DAO. Can you populate it on the UserAuth DAO in your Custom Auth Repository?

The Meta is on the Authenticate Request DTO, it’s not automatically populated in the UserAuth DAO, you can also access it from your Custom Auth Repository.

I thought I was getting it, until you answer it again :confused:

is this in any project example? It got to a point that’s a bit confusing … might be my English as well, not being my primary language :frowning:

As you can see from the image in the last reply, the method CreateUserAuth has 0 references, VS does not find anything that it’s calling that method, so, it must be something internally in SS… maybe I could stop that process to fire and call it my self in the AuthUserSession.OnCreated override method?

the flow seems to be:

  • AuthUserSession.OnCreated
  • IUserAuthRepository.CreateUserAuth
  • AuthUserSession.OnRegistered

but as I said … inside AuthUserSession.OnRegistered I still have no access to the new user in the database (the user does not yet exists), so I can’t query it…

The diagram on the Authentication wiki explains the different components in ServiceStack Authentication, i.e:

  • IAuthProvider - Authentication Provider (e.g. Credentials, Twitter, Facebook, etc)
  • UserAuth - The Data Access Object that gets persisted in RDBMS
  • IUserAuthRepository - What persistence backend the UserAuth DAO is stored in (e.g. OrmLite, RavenDb, NHib)
  • AuthUserSession - The Session DAO holding the User Session information
  • ICacheClient - What caching provider the Session DAO is stored in (e.g. Memory, Redis, etc)

IUserAuth.CreateUserAuth is only used in the /register Service (if it’s enabled) which can be used to register a new user (and add it to your RDBMS). You’ll use this API to register new users that can sign in with a Password (i.e. CredentialsAuthProvider). You don’t need to use ServiceStack’s built-in Register Service to do this, it’s a fairly lightweight Service that essentially registers a new User using the details from the populated Register Request DTO after running some custom validation.

The built-in OAuth Providers that allows automatic user registration on the fly (e.g. Twitter, Facebook OAuth providers) instead uses CreateOrMergeAuthSession() which either creates a new user or adds to the currently authenticated user User details from this Auth Provider.