OnAuthenticated for custom auth not getting hit

We’re using a completely custom authentication in SS. The user can authenticate fine but the OnAuthenticated method in the custom auth provider never gets hit. Just trying to get session management into SS so I can access the user making the request. Unsure what I’m missing:

    // CustomCredentialsAuthProvider.cs
    public override bool TryAuthenticate(IServiceBase authService, string userName, string password)
    {
        var authRepo = authService.TryResolve<IAuthRepository>().AsUserAuthRepository(authService.GetResolver());

        IUserAuth user;
        if (authRepo.TryAuthenticate(userName, password, out user))
        {
            return true;
        }

        return false;
    }

    public override IHttpResult OnAuthenticated(IServiceBase authService, IAuthSession session, IAuthTokens tokens, Dictionary<string, string> authInfo)
    {
        //Call base method to Save Session and fire Auth/Session callbacks:
        return base.OnAuthenticated(authService, session, tokens, authInfo);

        //Alternatively avoid built-in behavior and explicitly save session with
        //authService.SaveSession(session, SessionExpiry);
        //return null;
    }

If you’re inheriting from CredentialsAuthProvider then OnAuthenticated() should be called when TryAuthenticate() returns true. Is TryAuthenticate returning true?

Yes, TryAuthenticate is returning true. The actual authentication works fine - a session is generated, credentials are validated, and the user is logged in. But OnAuthenticated never gets called.

In the link above you’ll see where the CredentialsAuthProvider calls OnAuthenticated() right after calling TryAuthenticate():

    protected object Authenticate(IServiceBase authService, IAuthSession session, string userName, string password, string referrerUrl)
    {
        if (!LoginMatchesSession(session, userName))
        {
            authService.RemoveSession();
            session = authService.GetSession();
        }

        if (TryAuthenticate(authService, userName, password))
        {
            session.IsAuthenticated = true;

            if (session.UserAuthName == null)
            {
                session.UserAuthName = userName;
            }

            var response = OnAuthenticated(authService, session, null, null);
            if (response != null)
                return response;

            return new AuthenticateResponse
            {
                UserId = session.UserAuthId,
                UserName = userName,
                SessionId = session.Id,
                ReferrerUrl = referrerUrl
            };
        }

        throw HttpError.Unauthorized(ErrorMessages.InvalidUsernameOrPassword);
    }

If you haven’t overridden Authenticate() as well then it should be called immediately after TryAuthenticate(); if you have overridden it then you’ll need to call it explicitly as seen above.