9

是否可以返回自定义身份验证响应?我已经有自己的自定义身份验证提供程序,它继承自 CredentialsAuthProvider。

我想在响应中返回会话到期日期,以便客户端确切知道他们的服务器会话何时到期:

{
    "sessionId": "bG27SdxbRkqJqU6xv/gvBw==",
    "userName": "joe.bloggs@letmein.com",
    "sessionExpires": "2013-04-29T03:27:14.0000000",
    "responseStatus": {}
}

我可以像这样覆盖 Authenticate 方法:

public override object Authenticate(IServiceBase authService, IAuthSession session, Auth request)
{
    // get base response
    var response = base.Authenticate(authService, session, request);

    // grab the session
    var customSession = authService.GetSession() as CustomUserSession;

    // if response can be cast and customSession exists
    if (response is AuthResponse && customSession != null)
    {
        // cast
        var authResponse = response as AuthResponse;

        // build custom response
        var customAuthResponse = new CustomAuthResponse
            {
                ReferrerUrl = authResponse.ReferrerUrl,
                SessionExpiry = customSession.SessionExpires,
                SessionId = authResponse.SessionId,
                ResponseStatus = authResponse.ResponseStatus,
                UserName = authResponse.UserName
            };
        return customAuthResponse;
    }

    // return the standard response
    return response;
}

这可以正常工作,除非会话已经处于活动状态。在这种情况下, AuthService Post 方法检查有效会话并自动返回标准 AuthResponse,并且没有明显的方法可以覆盖它:

var alreadyAuthenticated = response == null;
response = response ?? new AuthResponse {
    UserName = session.UserAuthName,
    SessionId = session.Id,
    ReferrerUrl = referrerUrl,
};

遵循 Paaschpa 的以下想法,以下强制重新身份验证始终被重新身份验证,但似乎将多个活动会话保持打开状态可能存在风险:

public override bool IsAuthorized(IAuthSession session, IOAuthTokens tokens, Auth request = null)
{
    // force re-authentication. Not great, but no other obvious way to do this
    if (request != null)
    {
        return false; // auth or re-auth calls
    }

    return base.IsAuthorized(session, tokens, request);
}

Can anyone think of a better way to do this? I could implement my own AuthenticationService, but I'm not sure how I would override the AuthFeature?

4

1 回答 1

4

If I understand correctly, you want to return a custom response after a user authenticates against '/auth/credentials'. Since you already have your own CredentialsAuthProvider I think you could just override Authenticate and return your own response.

Subclass of CredentialsAuthProvider

public class MyCredentialsAuthProvider : CredentialsAuthProvider
{
    public override object Authenticate(ServiceStack.ServiceInterface.IServiceBase authService, IAuthSession session, Auth request)
    {
        //let normal authentication happen
        var authResponse = (AuthResponse)base.Authenticate(authService, session, request);

        //return your own class, but take neccessary data from AuthResponse
        return new
            {
                UserName = authResponse.UserName,
                SessionId = authResponse.SessionId,
                ReferrerUrl = authResponse.ReferrerUrl,
                SessionExpires = DateTime.Now
            };

    }
}
于 2013-05-01T17:08:49.943 回答