How can I extend ServiceStack Authentication

19
votes

I'm using ServiceStack Authentication with ServiceStack.OrmLite (SqlServer). I have different User types like Student, Teacher, Principal.. All user types will have relation with other Db Tables. What is the best practise to implement it?

A) Add necessary fields to UserAuth table and make Black Magic.(After creation of UserAuth add necessary extra informations to table Manually)

B) Student:UserAuth (All fields in UserAuth will be cloned)

C) Student.UserAuthId, UserAuth.Meta[UserType.Student,StudentId] mutual-reference

D) Extend XService, XFeature or ??

PS: How about to add Owner and Type fields to ServiceStack UserAuth table.

1
authenticationservicestack

1 Answers

26
votes

There are a couple of strategies to append additional metadata to the UserAuth and UserAuthDetails tables,

If you want to extend the schema of UserAuth with your own custom POCO's you need to subclass OrmLiteAuthRepository<T,T> class including your custom POCO's, e.g see the source for OrmLiteAuthRepository:

public class OrmLiteAuthRepository 
    : OrmLiteAuthRepository<UserAuth, UserAuthDetails>, IUserAuthRepository
{
    public OrmLiteAuthRepository(IDbConnectionFactory dbFactory) 
        : base(dbFactory) { }
}

Extend UserAuthSession with your own typed Custom Session

At the same time extending and providing a typed, custom AuthUserSession is the recommended approach as it's supported by ServiceStack's Authentication Feature since the Users Session just gets blobbed in a Caching Provider (i.e. not in an RDBMS) where its schema-less persistance characteristics, easily supports extended types.

Adding additional metadata to the Meta dictionary fields

For minor extensions you can use the Meta string dictionaries fields on each table which were added specifically to support custom-held metadata. They also include useful Get<T> and Set<T> methods which also support blobbing complex types:

userAuth.Set(new Address { ... });
var address = userAuth.Get<Address>();

Linking referential data with RefId and RefIdStr fields

The UserAuth and UserAuthDetails tables also include an int? RefId and a string RefIdStr fields which you can use to reference external data like your own custom tables against each User Auth record or User OAuth registration.

Extracting UserAuth info into your own custom tables

Another option is to do what the SocialBootstrapApi example demo is doing and extract the UserAuth info into your own custom tables by overriding the OnAuthenticated hook in your own custom UserSession which get's called each time a user successfully authenticates.

Here's the SocialBootstrapApi example of copying the session data into a custom user POCO and saving it in a different table.

public class CustomUserSession : AuthUserSession
{
    public string CustomId { get; set; }

    public override void OnAuthenticated(IServiceBase authService, IAuthSession session, 
        IAuthTokens tokens, Dictionary<string, string> authInfo)
    {
        base.OnAuthenticated(authService, session, tokens, authInfo);

        //Populate all matching fields from this session to your own custom User table
        var user = session.TranslateTo<User>();
        user.Id = int.Parse(session.UserAuthId);
        user.GravatarImageUrl64 = !session.Email.IsNullOrEmpty()
            ? CreateGravatarUrl(session.Email, 64)
            : null;

        //Resolve the DbFactory from the IOC and persist the user info
        using (var db = authService.TryResolve<IDbConnectionFactory>().Open())
        {
            db.Save(user);
        }
    }
}