Sir Thomas - 5 - Feb 21, 2015

[solved]  I am trying to use RedisAuthRepository but am not able to authenticate.  I enabled the /register and in Redis the IUserAuths and hash maps are being created.

When I post to /auth/credentials from my login page, the CustomCredentialsAuthProvider is invoked and I see the u/p passed ok, but base.TryAuthenticate(authService, userName, password) is always false.

In the console I can see calls to Redis seem to work - it finds the userid from the hash, then gets the userauth, so it must be failing on password check.  But I’m a bit stumped, I posted to /register with UserName=foo&Password=bar, and right after try to authenticate.

This should be straight forward, feels like I’m missing something hiding in plain sight.  Thoughts?

Just tried switching over to use RedisAuth in AuthWeb tests project and it’s still works. Wont be able to tell what’s wrong from that description alone. Maybe try creating a fork of one of the Live demos that uses CredentialsAuth and switch it over to use RedisAuth and see it it works? MVC is pretty small and just does Auth:

If it’s still not working than send me a link to your fork and I’ll try and repro locally.

Sir Thomas:

ok. Digging deeper it looks like it is due to the keys of the IUserAuth objects being saved lowercase in redis (urn:iuserauth:1).  That means it breaks the Redis Get.  Not sure why that’s happening.  If in the TryAuthenticate I manually do a Redis.GetEntry(“urn:iuserauth:{id}”).FromJson<UserAuth>() and run the VerifyHashString … it succeeds.

Sir Thomas:

found it.  manually changing the case of the urn:iuserauth doesn’t fix it, the Redis.GetById<IUserAuth> still returns null.

I had this in the AppHost (taken from an OrmLite-based project) for reasons I don’t remember:
JsConfig<MyAuthSession>.IncludeTypeInfo = true;

Commenting this out seems to do the trick. Forgot that JsConfig settings affect Redis in/out.  Is there a way to have service facing JsConfig different than Redis-layer JsConfig?

There’s only 1 global Json configuration which applies to the entire app domain. The Json Serializer also supports scoped configuration with using(JsConfig.With(…)) {} but that doesn’t allow per-type configuration. But it sounds like here you want the same Custom UserAuthSession type to have 2 different serialization behaviors which is going to cause conflict since they both use the same JSON serializer config for serialization. If you want to maintain different behavior I’d recommend mapping it to another DTO which lets you control what properties you want serialized independently from the Custom UserSession.

Sir Thomas:

No worries - I’ll go with this.  
I think someone should make a cover of Blue Oyster Cult’s Don’t Fear the Reaper … “Don’t Fear the Defaults”    :)