Kebin Maharjan - 206 - Nov 15, 2014

Hi Demis,
I’ve been playing around with http://mvc.servicestack.net/ as you suggested for mvc based application. Here’s something I came across, and wanted to know your thoughts.

I’m using RavenDb but this should not matter I believe.
- Starting with Empty db
- Login using facebook
- Creates UserAuths (empty password ofcourse)
- Creates UserAuthDetails(facebook as a provider)
- Log out
- Try login to CredentialAuthProvider (using the email address used via facebook login)
- Throws error: Value cannot be null. Parameter name: s.

Surely that happens because there’s no password set in AuthUsers. Ideally it should tell users “invalid login”. What would be the best approach for this? Override TryAuthenticate and check for this? It will be nice to have this thrown by CredentialsAuthProvider.

Thanks!
Kebin

You’d need to register with a Username/Password first so there is a password registered with that account. Once authenticated you can use the other OAuth providers which also get registered to that account.

Kebin Maharjan:

So as a user lets say I signed up using Facebook, lets say abc@gmail.com…someone later tries to login using the same email with password by accident, shouldn’t he get invalid user/pass error?

Right they shouldn’t be allowed to register or log in. I’ll take a look at adding a better error msg.

Kebin Maharjan:

Yup! Currently they can’t register. It errors with - email already exists, which is perfect. Just need to error - invalid email/password for when trying to login.

ok this should now be fixed with this commit: https://github.com/ServiceStack/ServiceStack/commit/c32b13b18f9443fa867c90e64e44ce81b2abfc99

That’s just finished deploying to MyGet: https://github.com/ServiceStack/ServiceStack/wiki/MyGet

http://mvc.servicestack.net has also been redeployed which shows the updated behavior.

Kebin Maharjan:

Awesome, Thanks!