0

I am sending the following POST request as per the documentation:

POST http://localhost:56049/auth/credentials?format=json HTTP/1.1
User-Agent: Fiddler
Host: localhost:56049
Content-Length: 64

{
    "UserName" : "admin",
    "Password" : "test",
    "RememberMe" : true
}

However, it gives me an unexpected result:

{"responseStatus":{"errorCode":"ValidationException","message":"Validation failed: 
\r\n -- 'User Name' should not be empty.\r\n -- 'Password' should not be empty.",
"stackTrace":[...]

Why does it think my user name and password are empty?

Ref. https://github.com/ServiceStack/ServiceStack/wiki/Authentication-and-authorization

user1477388
  • 20,790
  • 32
  • 144
  • 264

1 Answers1

1

The Content-Type of the Request should be in the HTTP Headers, try:

POST http://localhost:56049/auth/credentials HTTP/1.1
Host: localhost:560490
User-Agent: Fiddler
Content-Type: application/json
Content-Length: 64

{
    "UserName" : "admin",
    "Password" : "test",
    "RememberMe" : true
}
mythz
  • 141,670
  • 29
  • 246
  • 390
  • 1
    You're so right! Thanks, I forgot that bit. My mistake. – user1477388 Sep 24 '14 at 15:11
  • By the way, it's hard to tell from the doc, but how can I send back the SessionId? I have tried sending it via a header in the GET request but it still says 401 unauthorized. – user1477388 Sep 24 '14 at 15:15
  • Also, I notice it doesn't hit my TryAuthenticate method when debugging even though I have defined it as a plugin in AppHost. Do I have to create a custom attribute as per http://stackoverflow.com/questions/17634486/401-error-when-using-authenticate-with-basicauthprovider ? – user1477388 Sep 24 '14 at 15:22
  • @user1477388 Not sure what you mean by send back the SessionId? Do you mean how to perform session requests? They're automatically sent using [ss-id and ss-pid cookies](https://github.com/ServiceStack/ServiceStack/wiki/Sessions#permanent-and-temporary-session-ids). If this is for debug purposes you can [export the session in a query string](https://github.com/ServiceStack/ServiceStack/wiki/Postman#support-for-authenticated-requests) as part of the Postman support. – mythz Sep 24 '14 at 15:30
  • @user1477388 It's likely a misconfiguration, but I can't tell what your `TryAuthenticate` issue is without seeing your configuration, please open up a new question with your AppHost configuration and how you're trying to call it. The [Authentication section in HttpBenchmarks](https://github.com/ServiceStackApps/HttpBenchmarks#authentication) may also be useful as an example of a live demo that supports multiple auth providers. – mythz Sep 24 '14 at 15:34
  • Well, essentially, I am just trying to use my new CustomCredentialsAuthProvider but when I add the [Authenticate] attribute atop my service all it does is return 401. I just called the /auth/credentials and it gave me the sessionId and username but I can't seem to authenticate. I will open a new question if I can't figure it out soon. Thanks. – user1477388 Sep 24 '14 at 15:35
  • 1
    Is this in Fiddler? If so you need to add the ss-id/ss-pid cookies returned in the HTTP Response headers on each HTTP request. – mythz Sep 24 '14 at 15:38
  • Yes, it is in fiddler. However, when I try to add the headers like `ss-id:2hjtligETL7tZQNyzLJz; path=/; HttpOnly` to my GET request, I still get the 401. Have I misunderstood? – user1477388 Sep 24 '14 at 16:05
  • 1
    Okay, found the answer. Needed to add a combined header like so: `Cookie: ss-id=2hjtligETL7tZQNyzLJz; path=/; HttpOnly;ss-pid=fRDsiV7CQPmK6gnevvCP; expires=Sun, 24-Sep-2034 16:03:25 GMT; path=/; HttpOnly;ss-opt=perm; expires=Sun, 24-Sep-2034 16:03:25 GMT; path=/; HttpOnly` – user1477388 Sep 24 '14 at 16:24
  • 1
    @user1477388 Yeah that's the cookie format. In the next v4.0.32+ of ServiceStack you will [be able to use explicit HTTP Request Headers](https://github.com/ServiceStack/ServiceStack/commit/6983e291adb537cf2b41558a54a013cbfe15c7e6) like `X-ss-opt`, `X-ss-id` and `X-ss-pid` instead of Cookies. – mythz Sep 24 '14 at 16:52
  • Cool, thanks for the headsup! Since your the creator, I would also like to mention how nice I think it would be to have an easy implementation of the RFC 6749 standard. I opened a question about it here but didn't get any responses http://stackoverflow.com/questions/26003589/rfc-6749-authentication-with-servicestack but essentially, what you're describing is close enough for me :) – user1477388 Sep 24 '14 at 18:01
  • 1
    @user1477388 Since it returns a custom response you'd need to create a Custom AuthProvider and override the `Authenticate()` API to return the desired response. For authenticating on subsequent requests you'd implement `IAuthWithRequest.PreAuthenticate()` method see [BasicAuthProvider.PreAuthenticate()](https://github.com/ServiceStack/ServiceStack/blob/master/src/ServiceStack/Auth/BasicAuthProvider.cs#L34) for an example. Don't have time to build this atm, but you can [submit a feature request](http://servicestack.uservoice.com/forums/176786-feature-requests) so we can measure interest in it. – mythz Sep 24 '14 at 18:26