ServiceStack authentication

Question

I'd like to change servicestack's authentication so that it doesn't rely on the session being persisted.

Correct me if I'm wrong but servicestack uses the session to store the remember me settings, which kind of force us to persist the session somewhere, like in redis or something similar. Because if we use an in memory cache client and the application restarts, the session doesn't exists anymore and the remember me is gone.

What I'd like to do is to put my own remember me cookie so that even if the session doesn't exist anymore for whatever reason (application restart when using the in memory cache client for example). The user would still be logged.

Any clues on how/where to start to do that? I must admit I'm a little confused on what class in servicestack has the responsability to do that.

Answer 1

It sounds like you just want to implement your own Authentication provider. ServiceStack Authentication relies on 2 persistence modes, the AuthRepository for long-term persistence of UserAuth information and the Session which enables fast-lookups of a pre-authenticated Users session information which it resolves from the registered ICacheClient.

The ICacheClient that's registered is the one that is used, if you don't specify one than an In Memory MemoryCacheClient is registered by default which will reset itself on AppDomain restarts, the other Cache Options, i.e. Redis, Memcached use a distributed cache so they are persistent across App Domain restarts.