Search code examples
fubumvc

Issues with CurrentUserPropertyBinder it cannot always remember user

I have implemented a CurrentUserPropertyBinder (see below) for a web application using FubuMVC.

public class CurrentUserPropertyBinder : IPropertyBinder
    {
        private readonly Database _database;
        private readonly ISecurityContext _security;
        public CurrentUserPropertyBinder(Database database, ISecurityContext security)
        {
            _database = database;
            _security = security;
        }
        public bool Matches(PropertyInfo property)
        {
            return property.PropertyType == typeof(User)
                && property.Name == "CurrentUser";
        }
        public void Bind(PropertyInfo property, IBindingContext context)
        {
            var currentUser = //check database passing the username to get further user details using _security.CurrentIdentity.Name
            property.SetValue(context.Object, currentUser, null);
        }
    }

When I login to my site, this works fine. The CurrentUserPropertyBinder has all the information it requires to perform the task (i.e. _security.CurrentIdentity.Name has the correct User details in it)

When I try and import a file using fineUploader (http://fineuploader.com/) which opens the standard fileDialog the _security.CurrentIdentity.Name is empty.

It doesn't seem to remember who the user was, I have no idea why. It works for all my other routes but then I import a file it will not remember the user.

Please help! Thanks in Advance

NOTE: We are using FubuMVC.Authentication to authenticate the users

Solution

  • I'm guessing your action for this is excluded from authentication; perhaps it's an AJAX-only endpoint/action. Without seeing what that action looks like, I think you can get away with a simple fix for this, if you've updated FubuMVC.Authentication in the past 3 months or so.

    You need to enable pass-through authentication for this action. Out of the box, FubuMVC.Auth only wires up the IPrincipal for actions that require authentication. If you want access to that information from other actions, you have to enable the pass-through filter. Here are some quick ways to do that.

    1. Adorn your endpoint/controller class, this specific action method, or the input model for this action with the [PassThroughAuthentication] attribute to opt-in to pass-through auth.

      [PassThroughAuthentication]
public AjaxContinuation post_upload_file(UploadInputModel input) { ... }

      or

      [PassThroughAuthentication]
public class UploadInputModel { ... }

    2. Alter the AuthenticationSettings to match the action call for pass-through in your FubuRegistry during bootstrap.

      ...
AlterSettings<AuthenticationSettings>(x => {
    // Persistent cookie lasts 3 days ("remember me").
    x.ExpireInMinutes = 4320;

    // Many ways to filter here.
    x.PassThroughChains.InputTypeIs<UploadInputModel>();
});

    Check /_fubu/endpoints to ensure that the chain with your action call has the pass-through or authentication filter applied.