Issue with AuthUserSession generation for user in a service

arunpereira · August 21, 2018, 4:08pm

I used the following code to generate a session in a service. However, the id for the session is set to null. Can you please tell me what is the best approach for this to be done?
The use case is that an administrator is creating a user who is then emailed a link with a pre-set session since they have not yet logged in. We will then use that session id for authorizing their access to perform first login account updates which include password setup.

       var contactSession = new AuthUserSession
        {
            UserAuthId = primaryContact.Id.RemoveRavenCollectionName(),
            Email = primaryContact.Email,
            DisplayName = primaryContact.FirstName,
            FirstName = primaryContact.FirstName,
            LastName = primaryContact.LastName,
            IsAuthenticated = true,
            Roles = new List<string> {primaryContact.Role.ToString()},
        };
        this.SaveSession(contactSession);

        var token = contactSession.Id;

mythz · August 21, 2018, 4:18pm

Firstly saving a Session is not the same as creating a user. It saves an Authenticated Session for the current User, it doesn’t have any effect on any other/external users.

Secondly you should never be creating Sessions like this, Sessions should be created through an Auth Provider, whether it’s using a built-in Auth Provider or your own Custom Auth Provider.

Sounds like what you want is to create a temporary “staging” table with all the User Information that’s referenced by a generated hash (like a Guid). Then send the User a link with the hash that takes them to a form where they enter their password for their new account and when they submit a form you’re just registering the User as normal using the password they’ve specified.