问题
I created a TestService that calls the AuthenticateService and authenticates the user. Before calling the TestService I cleared all of my cookies to make sure that once I get the response I get the ss-id and ss-pid cookies, which I do get.
AppHost Configuration: (SS v4.0.8.0)
//Plugins
Plugins.Add(new RazorFormat());
Plugins.Add(new SessionFeature());
Plugins.Add(new AuthFeature(() => new CustomUserSession(),
new IAuthProvider[] { new CustomCredentialsAuthProvider() }));
container.Register<ICacheClient>(new MemoryCacheClient());
My CustomCredentialsAuthProvider:
public class CustomCredentialsAuthProvider : CredentialsAuthProvider
{
public override bool TryAuthenticate(IServiceBase authService, string userName, string password)
{
// Custom Auth Logic
// Return true if credentials are valid, otherwise false
// bool isValid = Membership.ValidateUser(userName, password);
return true;
}
public override void OnAuthenticated(IServiceBase authService, IAuthSession session, IAuthTokens tokens, Dictionary<string, string> authInfo)
{
base.OnAuthenticated(authService, session, tokens, authInfo);
var loginManager = authService.TryResolve<LoginManager>();
var loginInfo = loginManager.GetLoginInfo(session.UserAuthName);
authService.SaveSession(loginInfo.CustomUserSession, SessionExpiry);
}
}
My TestService:
public class TestService : Service
{
public object Any(Test request)
{
var response = new TestResponse();
var authService = base.ResolveService<AuthenticateService>();
var authResponse = authService.Authenticate(new Authenticate
{
UserName = "user",
Password = "password",
RememberMe = false
});
base.Request.ResponseContentType = MimeTypes.Html; //Temporary workaround, will not be needed in v4.0.9+
return response;
}
}
So, to recap. I hit the TestService, authenticate the user, return response and make sure the response contains the ss-id and ss-pid cookies. Now I try to hit another service that has the [Authenticate] attribute. My breakpoint in the service never hits and I get this response in the browser.
Handler for Request not found:
Request.HttpMethod: GET Request.PathInfo: /login Request.QueryString: ServiceStack.NameValueCollectionWrapper
Request.RawUrl:/login?redirect=http%3a%2f%2flocalhost%3a50063%2fBOP%2fbasic-info-2
I have tried applying the [Authenticate] attribute over the service method and over the whole service, with the same result. I have tested that I can get to the service methods if the [Authenticate] attribute is commented out, which works, so it is not service config issue or route issue.
I also created two service methods /basic-info-1 and /basic-info-2. /basic-info-2 has the [Authenticate] attribute and basic-info-1 does not. After authenticating, I am able to get to basic-info-1 without issues and have also confirmed that I can get to the session information that was saved in the OnAuthenticated() method. For /basic-info-2 I get that handler error.
I am not sure what happens in the [Authenticate] attribute but from the looks of that handler error, the authentication fails and SS tries to redirect me to /login which does not exist in my project hence the handler error. I wonder why the authenticate attribute is not recognizing my ss-id and ss-pid cookies?
回答1:
Diagnosis:
You should check the session being returned in your unauthenticated method (/basic-info-1), after you have authenticated using /test. If your session is working correctly you should see UserAuthId, UserAuthName and Id correctly set on the session. It doesn't appear these are correctly set and the [Authenticate] attribute therefore doesn't see a valid session.
Likely Problem:
The problem is likely in your OnAuthenticated method, specifically your LoginManager is not correctly returning these values when you save the session.
From your code:
var loginManager = authService.TryResolve<LoginManager>();
var loginInfo = loginManager.GetLoginInfo(session.UserAuthName);
authService.SaveSession(loginInfo.CustomUserSession, SessionExpiry);
loginInfo.CustomUserSession.UserAuthIdisnullloginInfo.CustomUserSession.UserAuthNameisnullloginInfo.CustomUserSession.Idisnull
Solution:
Correctly set those attributes before calling SaveSession.
来源:https://stackoverflow.com/questions/21482929/servicestack-authentication-authenticate-attribute-fails-to-process-the-ss-id