Session being overridden between requests?

ServiceStack Sessions
62

Can you paste the output of what x inspect returns, replacing RestUrl with the URL your App is using:

$ x inspect {RestUrl}

Don’t need the table of routes, just the initial metadata.

63

Yeah:

private string RestUrl => ApiSettings.Instance.ApiHost;

"ConnectionStrings": {
    "apihost": "http://localhost:5051",
    "clientusername": "**********",
    "clientpassword": "**********",
  }

And it definitely hits EhrCredentialsAuthProvider :

image
image1721×344 27.3 KB

x inspect seems to just get stuck and return nothing, I have to ctrl+c to break out.

64

This returns nothing?

$ x inspect http://localhost:5051
65

Yeah it’s just stuck here:

image
image883×62 1.68 KB

66

ok then can you go to http://localhost:5051/metadata/app.json and paste the plugins + auth section, e.g:

image
image613×1008 40.5 KB

67

Oh I know why, it was stuck on the breakpoint… haha.

Here it is from x inspect:

image
image1140×145 5.75 KB

68

ok then lets try authenticate directly with credentials auth using the x tool, can you replace the variable placeholders with what your app uses, e.g:

$ x send http://localhost:5051 Authenticate {provider:'credentials',username:'{ClientUserName}',password:'{ClientPassword}'}
69

Should I try this using the old connect() or the one you provided?

Nevermind it uses neither if it’s from command line right

70

try the command with the x tool to see if it works

71

The remote server returned an error: (404) NotFound.

72

I don’t understand, did you use the right URL?

73

I used this:
x send http://localhost:5051 Authenticate {provider:'credentials',username:'USERNAMEHERE',password:'PASSWORDHERE'}

74

That looks right, but don’t get why it’s not working. In that case can you paste the fiddler Request/Response Headers of the Authenticate Request the App does, scrubbing the User/Pass out

75

No Authenticate request shows up, it just errors out.

image
image1508×538 45.3 KB

76

I changed provider = "credentials" to provider = "bysystem" and now the error is Invalid Username or Password

77

OK i get it now, the non-existent auth provider returns a 404 which is what the error message was referring to, not that the URL was invalid.

Does your custom AuthProvider replace Provider with bysystem (I asked this earlier), if it does remove it or you can leave it and change the client to use provider="bysystem" as you’re doing.

78

Yep it does replace provider with “bysystem”, I must have misunderstood when you asked.

Now it’s hitting TryAuthenticateAsync() but failing because that method is trying to validate a user’s username/password, not the app’s.

79

Change it to use what it should? It’s going to try authenticate with what ever you’ve told it to use.

80

As I’ve mentioned, I’m not the one who initially made all this.
So to understand correctly, TryAuthenticateAsync() is supposed to authenticate the client I’m sending from, not the user of the react app?

81

That’s up to your Custom Auth Provider, I can’t tell anything from here.