堆栈内存溢出
  繁体   English   中英

ServiceStack中的BasicAuthProvider

[英]BasicAuthProvider in ServiceStack

 原文  2012-11-10 13:44:03       c#/ url/ basic-authentication/ servicestack

问题描述

我在ServiceStack中遇到BasicAuthProvider问题。 对CredentialsAuthProvider(/ auth / credentials)的POST工作正常。

问题是,在GET中(在Chrome中)时: http://foo:pwd@localhost:81/tag/string/list

以下是结果

找不到请求处理程序:

Request.HttpMethod:GET Request.HttpMethod:GET Request.PathInfo:/ login Request.QueryString:System.Collections.Specialized.NameValueCollection Request.RawUrl:/ login?redirect = http%3a%2f%2flocalhost%3a81%2ftag%2fstring% 2flist

告诉我,它将我重定向到/ login,而不是处理/ tag / ...请求。

这是我的AppHost的完整代码: 

public class AppHost : AppHostHttpListenerBase, IMessageSubscriber
{
    private ITagProvider myTagProvider;
    private IMessageSender mySender;

    private const string UserName = "foo";
    private const string Password = "pwd";

    public AppHost( TagConfig config, IMessageSender sender )
        : base( "BM App Host", typeof( AppHost ).Assembly )
    {
        myTagProvider = new TagProvider( config );
        mySender = sender;
    }

    public class CustomUserSession : AuthUserSession
    {
        public override void OnAuthenticated( IServiceBase authService, IAuthSession session, IOAuthTokens tokens, System.Collections.Generic.Dictionary<string, string> authInfo )
        {
            authService.RequestContext.Get<IHttpRequest>().SaveSession( session );
        }
    }

    public override void Configure( Funq.Container container )
    {
        Plugins.Add( new MetadataFeature() );

        container.Register<BeyondMeasure.WebAPI.Services.Tags.ITagProvider>( myTagProvider );
        container.Register<IMessageSender>( mySender );

        Plugins.Add( new AuthFeature( () => new CustomUserSession(),
                new AuthProvider[] {
                    new CredentialsAuthProvider(), //HTML Form post of UserName/Password credentials
                    new BasicAuthProvider(), //Sign-in with Basic Auth
                } ) );

        container.Register<ICacheClient>( new MemoryCacheClient() );
        var userRep = new InMemoryAuthRepository();
        container.Register<IUserAuthRepository>( userRep );

        string hash;
        string salt;
        new SaltedHash().GetHashAndSaltString( Password, out hash, out salt );
        // Create test user
        userRep.CreateUserAuth( new UserAuth
        {
            Id = 1,
            DisplayName = "DisplayName",
            Email = "as@if.com",
            UserName = UserName,
            FirstName = "FirstName",
            LastName = "LastName",
            PasswordHash = hash,
            Salt = salt,
        }, Password );
    }
}

有人可以告诉我SS配置或我如何调用该服务有什么问题吗,即为什么它不接受提供的用户/密码?

UPDATE1:在Fiddler2when捕获请求/响应仅使用BasicAuthProvider。 请求中未发送Auth标头,但响应中也未发送Auth标头。 

GET /tag/string/AAA HTTP/1.1
Host: localhost:81
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.11 (KHTML, like Gecko)        Chrome/23.0.1271.64 Safari/537.11
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8,sv;q=0.6
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ss-pid=Hu2zuD/T8USgvC8FinMC9Q==; X-UAId=1; ss-id=1HTqSQI9IUqRAGxM8vKlPA==

HTTP/1.1 302 Found
Location: /login?redirect=http%3a%2f%2flocalhost%3a81%2ftag%2fstring%2fAAA
Server: Microsoft-HTTPAPI/2.0
X-Powered-By: ServiceStack/3,926 Win32NT/.NET
Date: Sat, 10 Nov 2012 22:41:51 GMT
Content-Length: 0

HtmlRedirect = null的Update2请求/响应。 SS现在会用Auth标头回答,然后Chrome发出第二个请求,并且身份验证成功 

GET http://localhost:81/tag/string/Abc HTTP/1.1
Host: localhost:81
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.11 (KHTML, like Gecko) Chrome/23.0.1271.64 Safari/537.11
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8,sv;q=0.6
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ss-pid=Hu2zuD/T8USgvC8FinMC9Q==; X-UAId=1; ss-id=1HTqSQI9IUqRAGxM8vKlPA==

HTTP/1.1 401 Unauthorized
Transfer-Encoding: chunked
Server: Microsoft-HTTPAPI/2.0
X-Powered-By: ServiceStack/3,926 Win32NT/.NET
WWW-Authenticate: basic realm="/auth/basic"
Date: Sat, 10 Nov 2012 22:49:19 GMT

0

GET http://localhost:81/tag/string/Abc HTTP/1.1
Host: localhost:81
Connection: keep-alive
Authorization: Basic Zm9vOnB3ZA==
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.11 (KHTML, like Gecko) Chrome/23.0.1271.64 Safari/537.11
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8,sv;q=0.6
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ss-pid=Hu2zuD/T8USgvC8FinMC9Q==; X-UAId=1; ss-id=1HTqSQI9IUqRAGxM8vKlPA==

1 个解决方案

解决方案1
 1 已采纳  2012-11-10 18:49:23

foo:pwd@前缀为以下网址: 

http://foo:pwd@localhost:81/tag/string/list

这不是您使用HTTP进行基本验证的方式,例如Wikipedia页面

通过HTTP客户端发送BasicAuth请求

当用户代理想要发送服务器身份验证凭据时,它可以使用授权标头。

Authorization标头的构造如下:

  1. 用户名和密码合并为字符串“ username:password”
  2. 然后使用Base64对生成的字符串文字进行编码
  3. 然后将Authorization方法和一个空格(即“ Basic” )放在编码的字符串之前。

例如,如果用户代理使用“ Aladin”作为用户名,并使用“ sesam open”作为密码,则标头的格式如下: 

Authorization: Basic QWxhZGluOnNlc2FtIG9wZW4=

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 ServiceStack CookieException PCF和服务栈 ServiceStack - FluentValidation AOP与ServiceStack ServiceStack CustomRegistrationFeature ServiceStack性能 Servicestack序列化 ServiceStack RequestBindingException ServiceStack IReturn SOAPAction和服务栈
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM