SS 8.5.2 Identity Auth Credentials SessionAs is null

Cynicszm · January 29, 2025, 11:26am

Hi,

I’m using ServiceStack 8.5.2. Authentication and caching is configured and is shown below:

Config.Auth.cs:

public class ConfigureAuth : IHostingStartup
{
    public void Configure( IWebHostBuilder builder )
    {
        builder
            .ConfigureServices( services =>
            {
                services.AddPlugin( new AuthFeature( IdentityAuth.For<ApplicationUser>( options =>
                {
                    options.CredentialsAuth();
                    options.SessionFactory = () => new CustomUserSession();
                } ) ) );
            } )
    }
}

Caching is configured

public class ConfigureAppHost() : AppHostBase( "App" ), IHostingStartup
{
    public void Configure( IWebHostBuilder builder )
    {
        builder
            .ConfigureServices( services =>
            {
                #region Cache

                var sqlConnectionString =
                    new SqlConnectionStringBuilder( Config.ConnectionString )
                    {
                        InitialCatalog = Config.DatabaseName
                    };

                // Add OrmLite Db Factory
                services.AddSingleton<IDbConnectionFactory>( _ =>
                    new OrmLiteConnectionFactory( sqlConnectionString.ConnectionString,
                        SqlServer2019Dialect.Provider ) );

                services.AddSingleton<ICacheClient>( c =>
                    new OrmLiteCacheClient { DbFactory = c.GetRequiredService<IDbConnectionFactory>() } );

                #endregion
                
            } )
            .ConfigureAppHost( BeforeAppHostConfigure, AfterAppHostConfigure, afterAppHostInit: AfterAppHostInit );
    }
	
	public override void Configure( Container container )
	{
		base.Configure( container );

    #region Caching

    var cache = container.Resolve<ICacheClient>();
    cache.InitSchema();
	
	#endregion
	
	//Other configuration
	}
}

We are also populating the CustomUserSession from claims using the override PopulateFromClaims which is being called and the CustomUserSession is getting the values

Calling the service from the ServiceStack Typescript client after Authencate with the Credentials Provider works and I can see the ss-id on the request.

The Service is configured with the [Authenticate] attribute but when I use the SessionAs the session.IsAuthenticated is false and the properties are mostly null / 0 / false apart from CreatedAt and LastModified which are both populated.

Any ideas what I can do to get a populated Session?

Thanks,
John

mythz · January 29, 2025, 11:35am

Couldn’t tell you what the issue is from here. Are you using Endpoint Routing? Does IRequest.GetClaimsPrincipal() return an Authenticated Claims Principal?

Cynicszm · January 29, 2025, 11:53am

Thanks for the quick response.
GetClaimsPrincipal() returns null.

I am doing some config in Program.cs.

 var securityConn = new SqlConnectionStringBuilder
 {
     ConnectionString = Config.ConnectionString,
     InitialCatalog = Config.DatabaseName
 };
 
	builder.Services.AddDbContext<ApplicationDbContext>(
       options =>
           options.UseSqlServer( securityConn.ConnectionString,
               x =>
               {
                   x.MigrationsHistoryTable( SecurityMigrationTable,
                       SecurityMigrationSchema );
                   x.MigrationsAssembly( SecurityMigrationAssembly );
               } ).UseLazyLoadingProxies() );
			   
 builder.Services.AddAuthorization();

builder.Services.AddIdentityApiEndpoints<ApplicationUser>( options =>
{
    //...
} )
    .AddRoles<ApplicationRole>()
    .AddEntityFrameworkStores<ApplicationDbContext>();
	
 
builder.Services
     .AddScoped<IUserClaimsPrincipalFactory<ApplicationUser>,
         AdditionalUserClaimsPrincipalFactory>();
		 
		 
		 
 var app = builder.Build();
		 
 app.MapIdentityApi<ApplicationUser>();
		 
		 
app.UseServiceStack( new ConfigureAppHost(), options =>
  {
      options.MapEndpoints();
  } );

mythz · January 29, 2025, 12:37pm

If GetClaimsPrincipal() is null then it suggests the Request is not Authenticated.
Can you replace the [Authenticate] attribute to use [ValidateIsAuthenticated] attribute on the Request DTOs.

Cynicszm · January 29, 2025, 4:05pm

Apologies, turns out to be an error on our part in the way the request is created and sent via a ServiceGateway.

The original request has a correct Session and Claims Principal but is lost by the time we call the ServiceGateway