I’m getting confused about implementing a CustomAuthProvider that extends the IAuthWithRequest interface.
The wish is for this AuthProvider to recover domain credentials and authenticate against a third party service. From the documentation I read that, in this case, each HTTP request triggers the authentication process, with the consequence of triggering each time the creation of a new session and the saving of permissions / roles, an operation that can be expensive.
Two questions:
1. What is the best way to store information between HTTP calls?
2. It’s more correct to use IAuthEvents interface events than CustomUserAuthSession events right?
Thanks in advance
CodePudding user response:
For a CredentialsAuthProvider that implements IAuthWithRequest Auth Provider have a look at BasicAuthProvider which implements HTTP Basic Auth.
You can store info between HTTP Calls in your own Cookies or using ServiceStack's Session Bag.
Overriding the Session callbacks or registering Auth Events is just a matter of preference.
Whether to use