How can I extend ServiceStack Authentication

by

There are a couple of strategies to append additional metadata to the UserAuth and UserAuthDetails tables,

If you want to extend the schema of UserAuth with your own custom POCO’s you need to subclass OrmLiteAuthRepository<T,T> class including your custom POCO’s, e.g see the source for OrmLiteAuthRepository:

public class OrmLiteAuthRepository 
    : OrmLiteAuthRepository<UserAuth, UserAuthDetails>, IUserAuthRepository
{
    public OrmLiteAuthRepository(IDbConnectionFactory dbFactory) 
        : base(dbFactory) { }
}

Extend UserAuthSession with your own typed Custom Session

At the same time extending and providing a typed, custom AuthUserSession is the recommended approach as it’s supported by ServiceStack’s Authentication Feature since the Users Session just gets blobbed in a Caching Provider (i.e. not in an RDBMS) where its schema-less persistance characteristics, easily supports extended types.

Adding additional metadata to the Meta dictionary fields

For minor extensions you can use the Meta string dictionaries fields on each table which were added specifically to support custom-held metadata. They also include useful Get<T> and Set<T> methods which also support blobbing complex types:

userAuth.Set(new Address { ... });
var address = userAuth.Get<Address>();

Linking referential data with RefId and RefIdStr fields

The UserAuth and UserAuthDetails tables also include an int? RefId and a string RefIdStr fields which you can use to reference external data like your own custom tables against each User Auth record or User OAuth registration.

Extracting UserAuth info into your own custom tables

Another option is to do what the SocialBootstrapApi example demo is doing and extract the UserAuth info into your own custom tables by overriding the OnAuthenticated hook in your own custom UserSession which get’s called each time a user successfully authenticates.

Here’s the SocialBootstrapApi example of copying the session data into a custom user POCO and saving it in a different table.

public class CustomUserSession : AuthUserSession
{
    public string CustomId { get; set; }

    public override void OnAuthenticated(IServiceBase authService, IAuthSession session, 
        IAuthTokens tokens, Dictionary<string, string> authInfo)
    {
        base.OnAuthenticated(authService, session, tokens, authInfo);

        //Populate all matching fields from this session to your own custom User table
        var user = session.TranslateTo<User>();
        user.Id = int.Parse(session.UserAuthId);
        user.GravatarImageUrl64 = !session.Email.IsNullOrEmpty()
            ? CreateGravatarUrl(session.Email, 64)
            : null;

        //Resolve the DbFactory from the IOC and persist the user info
        using (var db = authService.TryResolve<IDbConnectionFactory>().Open())
        {
            db.Save(user);
        }
    }
}

More Related Contents:

  1. Set cookies for cross origin requests
  2. What’s the difference between OpenID and OAuth?
  3. Authentication filter and servlet for login
  4. How to secure MongoDB with username and password
  5. Error when connect to impala with JDBC under kerberos authrication
  6. Handling Browser Authentication using Selenium
  7. Socket.IO Authentication
  8. user authentication libraries for node.js?
  9. Forgot Password: what is the best method of implementing a forgot password function?
  10. Authentication with 2 different tables
  11. How to use UrlFetchApp with credentials? Google Scripts
  12. LDAP: error code 49 – 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db1
  13. What if JWT is stolen?
  14. Token Authentication vs. Cookies
  15. How does cookie based authentication work?
  16. CSRF Token necessary when using Stateless(= Sessionless) Authentication?
  17. Why are cookies unrecognized when a link is clicked from an external source (i.e. Excel, Word, etc…)
  18. Is Facebook an OpenID provider?
  19. IIS7: Setup Integrated Windows Authentication like in IIS6
  20. REST API Token-based Authentication
  21. How to use Windows Active Directory Authentication and Identity Based Claims?
  22. Sending cookie session id with Swagger 3.0
  23. In Subversion can I be a user other than my login name?
  24. Spring security: adding “On successful login event listener”
  25. No route matches [GET] “/users/sign_out”
  26. When ServiceStack authentication fails, do not redirect?
  27. Single sign-on flow using JWT for cross domain authentication
  28. Where can I find a list of OpenID Provider URLs? [closed]
  29. Multiple IdentityServer Federation : Error Unable to unprotect the message.State
  30. How can I use persisted cookies from a file using phantomjs

Leave a Comment