Desktop Application with ServiceStack Authentication

[fergs]

So I have a ServiceStack API project, everything is working sweet here (loving ServiceStack by the way). I've created a 'CustomCredentialsAuthProvider', as per https://github.com/ServiceStack/ServiceStack/wiki/Authentication-and-authorization

I'm then using a WPF Desktop Application, that is using the API successfully. I'm now wiring up the Authentication side of things by using:

var response = serviceClient.Send<AuthResponse>(new Auth { UserName = "Test", Password = "TestPassword" });

On successful authentication I get a lovely 'response' packet back with the SessionId, Username and empty ResponseStatus.

I'm just not sure what to do next...

What do I do once the user has been authenticated by the api? Do I store the sessionId in Memory or a Database and then pass this with each request, validating the sessionId in each service?

All the examples are web based, so they have cookies and sessions, does this work in desktop clients as well?

What is the Best practice for Desktop client app?

[Demis Bellot]

That's it you're done :)

Basically the way it works is that the server sets a Cookie with the Session Id on the ServiceClient which automatically gets set on every subsequent request. So you just need to keep using the instance of the ServiceClient you authenticated with.

It's threadsafe so you can treat it like a Singleton somewhere.

Another option of Authenticating that's built into the ServiceClient is BasicAuth (UserName/Password fields on ServiceClient), where if you have a BasicAuthProvider enabled on the server you can skip pre-authenticating and just call the service that requires authentication directly, then when the client is first challenged it will auto resend the request with the BasicAuth headers and authenticate at that time. You can also save the round-trip of the server challenge by setting client.AlwaysSendBasicAuthHeader = true; and it will always append these headers. 

The tests around this are here:

https://github.com/ServiceStack/ServiceStack/blob/master/tests/ServiceStack.WebHost.Endpoints.Tests/AuthTests.cs

Cheers,

--
- Demis

http://twitter.com/demisbellot

http://www.servicestack.net/mythz_blog

[fergs]

oh sweet, easy beasy. Thanks Demis.

So now I have the custom auth provider return true and the Onauthenticated saving session but I'm getting 'Unauthorized' returned. 

I have setup the TryAuthenticate and OnAuthenticated as per the examples :  https://github.com/ServiceStack/ServiceStack/wiki/Authentication-and-authorization 

I've set the 'session.IsAuthenticated' to true. Played with Session expiry.

This is what I have straight from the Test link you sent me:

                var client = GetClient();

                var authResponse = client.Send<AuthResponse>(new Auth

                {

                    UserName = "user",

                    Password = "p@55word",

                    RememberMe = true,

                });

                var request = new Secured { Name = "test" };

                var response = client.Send<SecuredResponse>(request);

                Console.WriteLine(response.Result);

I'm guessing I'm missing something else tho?

[Demis Bellot]

Nah that should work, I can't see the GetClient() or the registration tho it sounds like it's setup OK.

If you can, get Fiddler (or wireshark) to capture and dump the HTTP traffic so we have a better idea of what's going on.

Otherwise I'll need a stand-alone failing test so I can debug it on my side.

[fergs]

Hi Demis,

this is the Getclient:

        private const string ListeningOn = "http://localhost:9000/api";

        IServiceClient GetClient()

        {

            return new JsonServiceClient(ListeningOn);

        }

And this is all I'm doing for the Authentication side:

       public override bool TryAuthenticate(IServiceBase authService, string userName, string password)

        {

            return true;

        }

        public override void OnAuthenticated(IServiceBase authService, IAuthSession session, IOAuthTokens tokens, Dictionary<string, string> authInfo)

        {

            //Fill the IAuthSession with data which you want to retrieve in the app eg:

            session.FirstName = "some_firstname_from_db";

            session.IsAuthenticated = true;

            //...

            

            //Important: You need to save the session!

            authService.SaveSession(session, SessionExpiry);

        }

There's no registration at the moment. 

I'll do a stand-alone for you but would prefer not to post it here.

[Demis Bellot]

Yeah I already got tests of it working, just can't tell why yours isn't.

Your registering your CustomAuthProvider in your AppHost as well right?

BTW what host are you using? ASP.NET or HttpListener?

Sure just send it to my direct email.

[fergs]

Just sent you the stand alone apps to your gmail account.

Yes, I've registered the customauthprovider in apphost.

I'm not using the HttpListener as per the examples, so I guess its ASP.NET.

[fergs]

Hi Mythz did you get my email?

On Friday, 14 September 2012 14:05:54 UTC+8, mythz wrote:

[Demis Bellot]

Yeah apologies, just had a really busy week.

Basically the issue is that there was no ICacheClient registered so the session wasn't being saved and retrieved from the same cache instance. 

You can specify to use the same In Memory cache instance by adding this to your AppHost:

container.Register<ICacheClient>(new MemoryCacheClient());

There are a number of other caching options you might want to use when deploying to production (esp. if you have load-balanced servers):

https://github.com/ServiceStack/ServiceStack/wiki/Caching

Cheers,

[fergs]

Thanks for your help. I have this working now.

I have a few other questions but I'll ask them on stack overflow.

Thanks again. Loving ServiceStack.