Session being overridden between requests?

Please include a complete example of an auth request that includes the full HTTP Request/Response Headers. (with any sensitive info scrubbed out).

Here’s an auth request:


Headers:

Cookies:

Raw:

This is working as expected, no cookies are sent with the request so new cookies are returned.

So why aren’t the cookies being sent? Can you test this using a browser?

The requests following the auth request do have the cookies with them:

It’s just each new auth that doesn’t and returns new ids.

Can you please show a full request that contains HTTP Request Headers with cookies sent with them and the HTTP Response it returns? The important part is the raw HTTP Request/Response Headers; I cannot identify anything without them.

This is the request following just after the auth I posted earlier:

And where are the raw response HTTP Headers for this request?

Whoops sorry I hit preview instead of raw by accident:

Ok so this again is working as expected, cookies are sent with the request so no cookies are returned.

But it looks like you’re sending this with the C# Service Client, is this what you had issues with?

They’re sent from the asp.net core application yeah.

The issue I’m having is in the webservice where I want to use the session to save data between requests from the asp.net core application.

Using the C# client? Are you using the same C# client instance to send the requests?

Can you show the raw HTTP Request/Response headers of a request with the actual issue? I don’t believe I’ve seen 1 full example yet.

BTW since you’re using v5.12 it may be easier to print the headers with the new CaptureHttp() API, e.g:

var client = new JsonServiceClient(BaseUrl);
client.CaptureHttp(print:true);

Which will output the Headers to the Console.

Using the C# client yeah.
They’re sent like so:


client being set like so:

The issue is that each auth request changes the ids. An auth request happens, then my SwitchRelative request happens where I save something in session.

Then from a GetMessages request I want to use the data previously saved in session. But before this GetMessage request happens a new auth request happens and thus the GetMessages request has a new id and can’t get the data saved in session.

I don’t know how I would show this issue in one request?

Why are you authenticating with HTTP BasicAuth if you want to use session cookies? That won’t use the session and has to re-authenticate with each request.

You should be authenticating with a Session Auth Provider like Credentials Auth, e.g:

var client = new JsonServiceClient(BaseUrl);

var authResponse = client.Post(new Authenticate {
    provider = CredentialsAuthProvider.Name, //= credentials
    UserName = "test@gmail.com",
    Password = "p@55w0rd",
    RememberMe = true,
});

Then you can use the authenticated client instance to make authenticated requests which will resend the same session cookies.

I’m not the one who originally set up ServiceStack in the projects so I’m not sure why the decisions were made. However, we are using CredentialsAuthProvider, not basic:

new AuthFeature (
	() => new EhrAuthUserSession(),
	new IAuthProvider[] {
		new EhrCredentialsAuthProvider()
	}
)

If you’re authenticating using Credentials you would need to authenticate with the Authenticate { provider = "credentials" } DTO, i.e:

var authResponse = client.Post(new Authenticate {
    provider = CredentialsAuthProvider.Name, //= credentials
});

Your client instead sets the UserName/Password directly on the client with AlwaysSendBasicAuthHeader=true, which authenticates using HTTP Basic Auth.

What does your custom EhrCredentialsAuthProvider inherit from?

There must be some kind of mismatch then?

EhrCredentialsAuthProvider inherits CredentialsAuthProvider

OK, does the implementation get the Username/Password from the Request DTO? If it does you should be able to authenticate using credentials auth, i.e. replace your existing Connect() implementation with:

private bool Connect()
{
    client = new JsonServiceClient(RestUrl);
    // Authenticate once with Credentials Auth; the client instance keeps the session cookies
    client.Post(new Authenticate {
        provider = "credentials",
        UserName = ClientUserName,
        Password = ClientPassword,
        RememberMe = true,
    });
    return true; // Post() throws a WebServiceException if authentication fails
}

Yeah it just uses the username/password passed to TryAuthenticateAsync().

I’ll try implementing that now.

Using this I run into this error: No configuration was added for OAuth provider 'credentials'

Then it’s either not using that AuthProvider or it’s changed its Provider from the default credentials to something else. Is this AuthFeature that uses EhrCredentialsAuthProvider definitely registered in the ServiceStack Host that RestUrl refers to?
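
The diagnosis made in this thread (an auth request sent without cookies is answered with new session ids, so data saved under the previous id can no longer be found) can be checked mechanically over captured raw headers. The Python script below is an added example, not code from the thread or from ServiceStack; it assumes ServiceStack's `ss-id` session cookie name, and the capture, ids, request paths and Basic credential blob are constructed.

```python
import re

SESSION_COOKIE = "ss-id"  # assumption: ServiceStack's default session cookie

def parse(raw):
    """Split a raw header block into (first line, [(lowercased name, value)])."""
    lines = [l.strip() for l in raw.strip().splitlines() if l.strip()]
    return lines[0], [(n.strip().lower(), v.strip())
                      for n, _, v in (l.partition(":") for l in lines[1:])]

def cookie(pairs, header, name=SESSION_COOKIE):
    """Value of cookie `name` in the given header (cookie / set-cookie)."""
    for h, v in pairs:
        m = re.search(r"(?:^|;\s*)" + re.escape(name) + r"=([^;]*)", v)
        if h == header and m:
            return m.group(1)
    return None

def audit(exchanges):
    """One finding per response that replaces an already-known session id."""
    findings, current = [], None
    for i, (raw_req, raw_resp) in enumerate(exchanges, 1):
        line, req = parse(raw_req)
        _, resp = parse(raw_resp)
        sent, issued = cookie(req, "cookie"), cookie(resp, "set-cookie")
        basic = any(h == "authorization" and v.lower().startswith("basic ")
                    for h, v in req)
        if issued and current and issued != current:
            findings.append({"request": i, "line": line, "old": current,
                             "new": issued, "cookie_sent": sent is not None,
                             "basic_auth": basic})
        current = issued or sent or current
    return findings

# Constructed capture: ids, paths and the credential blob are made up.
BASIC = "Authorization: Basic dXNlcjpwYXNz\n"
CAPTURE = [
    ("POST /auth HTTP/1.1\n" + BASIC,
     "HTTP/1.1 200 OK\nSet-Cookie: ss-id=AAA111; path=/; HttpOnly\n"),
    ("POST /SwitchRelative HTTP/1.1\nCookie: ss-id=AAA111\n", "HTTP/1.1 200 OK\n"),
    ("POST /auth HTTP/1.1\n" + BASIC,
     "HTTP/1.1 200 OK\nSet-Cookie: ss-id=BBB222; path=/; HttpOnly\n"),
    ("GET /GetMessages HTTP/1.1\nCookie: ss-id=BBB222\n", "HTTP/1.1 200 OK\n"),
]

if __name__ == "__main__":
    for finding in audit(CAPTURE):
        print(finding)
```

On the constructed capture the only finding is the second auth request: it carries a Basic header and no cookie, and its response replaces the session id that SwitchRelative had used.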