Multiple authentication requests

I have a situation where:

  1. I subclassed CredentialsAuthProvider to return a custom response from CredentialsAuthProvider.OnAuthenticated (an HttpResult containing my response DTO)

  2. A user posts to this provider's endpoint while already having logged in with an earlier request.

In this scenario:

  • CredentialsAuthProvider.IsAuthorized gets a session with its IsAuthenticated flag set (as the client still has the session cookies from the authenticated first session) and I return true.

  • AuthenticateService.Authenticate will return the null response.

  • AuthenticateService.Post will return a default authentication response.

In this case I’d like to be able to return my custom response instead of the default one.

Or am I missing a vital hook somewhere that I can leverage? :smile:

Thanks!

It’s default behavior and it can’t be overridden now. If the user is already authenticated, then AuthenticateService.Authenticate returns null, and changing this behavior requires changing the ServiceStack public API. You should ask @mythz; if he thinks that the change is useful (I personally think it makes sense), it could be added.

Something like this:

 response = response ?? HostContext.AppHost?.CreateDefaultAuthResponse?.Invoke(request, provider, session, authProvider) ??  new AuthenticateResponse { ....

in this line of code

Sorry, I’ve been too busy for the last two weeks.

Sounds like a useful change for me as well. What is the proper way to propose it to him?

We already have too many Auth Hooks available as it is. I’ve consolidated the existing Auth API Hooks to use an AuthFilterContext in this commit.

So you can return a custom Auth Response when the User was already authenticated with:

Plugins.Add(new AuthFeature(...) {
    AuthResponseDecorator = authCtx => authCtx.AlreadyAuthenticated
        ? MyCreateCustomAuthResponse(authCtx)
        : authCtx.AuthResponse
});

This change is available from v4.5.7 that’s now available on MyGet.

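A fuller version of the decorator from the last reply, as an added example that is not part of the original thread or ServiceStack's own code. `MyAuthResponse`, `AuthResponses` and the `AppHost` wiring are hypothetical, and it assumes `AuthFilterContext` exposes the current `Session` alongside the `AlreadyAuthenticated` and `AuthResponse` members used in the post.

```csharp
using Funq;
using ServiceStack;
using ServiceStack.Auth;

// Hypothetical response DTO for this example.
public class MyAuthResponse
{
    public string UserId { get; set; }
    public string UserName { get; set; }
    public string DisplayName { get; set; }
    public bool SessionReused { get; set; }
}

public static class AuthResponses
{
    // Hypothetical stand-in for MyCreateCustomAuthResponse from the post.
    // On the already-authenticated path the request's credentials are not
    // what established the login, so every field comes from the existing
    // session, never from authCtx.AuthRequest (client-supplied values).
    public static object MyCreateCustomAuthResponse(AuthFilterContext authCtx)
    {
        var session = authCtx.Session;
        return new MyAuthResponse
        {
            UserId = session.UserAuthId,
            UserName = session.UserAuthName,
            DisplayName = session.DisplayName,
            SessionReused = true,
        };
    }
}

public class AppHost : AppHostBase
{
    public AppHost() : base("Auth example", typeof(AppHost).Assembly) { }

    public override void Configure(Container container)
    {
        // In-memory user store so the example is self-contained.
        container.Register<IAuthRepository>(new InMemoryAuthRepository());
        Plugins.Add(new AuthFeature(() => new AuthUserSession(),
            new IAuthProvider[] { new CredentialsAuthProvider() })
        {
            AuthResponseDecorator = authCtx => authCtx.AlreadyAuthenticated
                ? AuthResponses.MyCreateCustomAuthResponse(authCtx)
                : authCtx.AuthResponse
        });
    }
}
```

The custom provider from the original question would replace `CredentialsAuthProvider` in the provider array.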