Unable to cast object of type 'ServiceStack.AuthUserSession'

When using the /ui on my API, I run into a weird issue. Here is my AuthFeature

Plugins.Add(new AuthFeature(() => new PEUserSession(), new IAuthProvider[]
            {
                new ApiKeyAuthProvider(_peSettings) {RequireSecureConnection = false},
                new CredentialsAuthProvider(_peSettings),
                new JwtAuthProvider()
                {
                    HashAlgorithm = "RS256", PrivateKeyXml = Encryption.GetPrivateKey(),
                    RequireSecureConnection = config.RequireSecureConnection,
                    UseTokenCookie = false,
                    CreatePayloadFilter = (payload, session) =>
                    {
                        var customSession = (PEUserSession) session;
                        payload["domain"] = customSession.Domain;
                        payload["lang"] = customSession.Language;
                        payload["ppaUsername"] = customSession.PPAUsername;
                        payload["ppaUserId"] = customSession.PPAUserId.ToString();
                        payload["ttl"] = customSession.TTL.ToString();
                        payload["idleTimeOut"] = customSession.IdleTimeOut.ToString();
                        payload["exp"] = customSession.UaaExp==0?long.MaxValue.ToString():customSession.UaaExp.ToString();
                    },
                    PopulateSessionFilter = ((session, payload, req) =>
                    {
                        if (session is not PEUserSession customUserSession) return;

                        customUserSession.Domain = payload["domain"];
                        customUserSession.Language = payload["lang"];
                        customUserSession.PPAUsername = payload["ppaUsername"];
                        if (int.TryParse(payload["ppaUserId"],
                                out var userId))
                            customUserSession.PPAUserId = userId;
                        if (int.TryParse(payload["ttl"], out var ttl))
                            customUserSession.TTL = ttl;
                        if (int.TryParse(payload["idleTimeOut"], out var idleTimeOut))
                            customUserSession.IdleTimeOut = idleTimeOut;
                        if (int.TryParse(payload["exp"], out var uaaExp))
                            customUserSession.UaaExp = uaaExp;
                    })
                }
            })
        { HtmlRedirect = null, IncludeRegistrationService = true });

Here is my PEUserSession

     [DataContract]
    public class PEUserSession : AuthUserSession
    {
        [DataMember]
        public string Domain { get; set; }

        [DataMember]
        public string PPAUsername { get; set; }
        [DataMember]
        public int PPAUserId { get; set; }
        [DataMember]
        public int TTL { get; set; }
        [DataMember]
        public int IdleTimeOut { get; set; }
        [DataMember]
        public long UaaExp { get; set; }
    }

To reproduce the issue:
1-Use authsecret to login => code is not going into the JWT CreatePayloadFilter
2-Signout
3-Use the API Key to login =>code goes into CreatePayloadFilter, the session is of type PEUserSession
4-Signout =>code goes into CreatePayloadFilter, the session is of type PEUserSession
5-Use the authsecret to login => code goes into CreatePayloadFilter, the session is of type AuthUserSession and cannot be converted to my PEUserSession…

I wonder why I get this behavior and why the casting fails…

What’s the full Exception StackTrace?

   at PEDataApi.AppHost.<>c.<Configure>b__5_10(JsonObject payload, IAuthSession session) in C:\Dev\Symasol\PG\DMO\PE-API\Code\PEDataApi\AppHost.cs:line 233
   at ServiceStack.Auth.JwtAuthProvider.CreateJwtBearerToken(IRequest req, IAuthSession session, IEnumerable`1 roles, IEnumerable`1 perms) in /home/runner/work/ServiceStack/ServiceStack/ServiceStack/src/ServiceStack/Auth/JwtAuthProvider.cs:line 158
   at ServiceStack.Auth.JwtAuthProvider.<ExecuteAsync>d__11.MoveNext() in /home/runner/work/ServiceStack/ServiceStack/ServiceStack/src/ServiceStack/Auth/JwtAuthProvider.cs:line 81

Thanks, this should be resolved from the latest v6.1.1 that’s now available on MyGet.

1 Like