1

我正在尝试手动创建一个 IAuthSession 并保存它,所以我可以在我的方法上使用属性 [Authenticate],但似乎不起作用。

所以,我有我LoginHandler : Service在哪里做一些自定义代码来登录用户,然后我做:

namespace RequestHandlers
{
    public class LoginHandler : Service
    {
        public object Post(Login request)
        {
            // do magic login code
            if (loginSuccess)
            {
                IAuthSession session = GetSession();
                session.FirstName = "My First name"
                session.IsAuthenticated = true;
                base.Request.SaveSession(session); // save the session??
            }
            else
            {
                throw new UnauthorizedAccessException(pc.GetFaultString());
            }
            return new LoginResponse() { Result = "OK" };
        }
    }
}

然后我希望base.Request.SaveSession(session);保存会话,以便 ServiceStack 稍后检测到它并看到“啊哈,允许使用受保护的方法,因为用户已登录”。

Login 调用的响应是(在 Fiddler 中):

HTTP/1.1 200 OK
Transfer-Encoding: chunked
Content-Type: application/json; charset=utf-8
Vary: Accept
Server: Microsoft-HTTPAPI/2.0
Set-Cookie: ss-id=TwOJExNFhBuVuDna1aDO;path=/;HttpOnly
Set-Cookie: ss-pid=O4bJqgiLWRTFTOgcf2DD;path=/;expires=Mon, 08 Feb 2038 12:39:30 GMT;HttpOnly
X-Powered-By: ServiceStack/5,02 NET45 Win32NT/.NET
Date: Thu, 08 Feb 2018 12:39:31 GMT

f
{"Result":"OK"}
0

所以,我得到了一些带有 pid 的 cookie,我把它作为会话 id?

现在,我有了上面Test运行后的方法Login,应该是可用的,对吧?=)

namespace tWorks.Alfa.Modules.ModuleRestApiService.Services.AlfaConnectService.Requests
{
    [Authenticate]
    [Route("/test")]
    public class Test : IReturn<TestResponse>
    {
        public string Message { get; set; }
    }

    public class TestResponse
    {
        public string Result { get; set; }
    }
}

但事实并非如此,我收到 401 错误:

HTTP/1.1 401 Unauthorized
Transfer-Encoding: chunked
Vary: Accept
Server: Microsoft-HTTPAPI/2.0
X-Powered-By: ServiceStack/5,02 NET45 Win32NT/.NET
WWW-Authenticate: basic realm="/auth/basic"
Date: Thu, 08 Feb 2018 12:40:12 GMT

0

Fiddler 的调用Test是这样的:

POST http://192.168.0.147:8080/alfaconnect/test HTTP/1.1
Host: 192.168.0.147:8080
Accept: application/json
Content-Type: application/json
Content-Length: 18
DeviceUUID: 123asd123
Domain: AlfaOnline
Cookie: ss-id=TwOJExNFhBuVuDna1aDO
Cookie: ss-pid=O4bJqgiLWRTFTOgcf2DD

{"Message": "Hej"}

如您所见,我将登录响应中的 ss-id 和 ss-pid 复制到了测试调用。

我错过了什么?

这是我的 AppHost:

    public class AppHost : AppSelfHostBase
    {
        public AppHost(IModuleController moduleController, IContactModule contactModule) : base("HttpListener Self-Host", typeof(Services.AlfaProService.AlfaProService).Assembly)
        {
        }

        public override void Configure(Funq.Container container)
        {
            Plugins.Add(new AuthFeature(() => new AuthUserSession(),
              new IAuthProvider[] {
                new BasicAuthProvider(), //Sign-in with HTTP Basic Auth
                new CredentialsAuthProvider(), //HTML Form post of UserName/Password credentials
              }));

            container.Register<ICacheClient>(new MemoryCacheClient());
            var userRep = new InMemoryAuthRepository();
            container.Register<IUserAuthRepository>(userRep);
        }

        public override RouteAttribute[] GetRouteAttributes(Type requestType)
        {
            var routes = base.GetRouteAttributes(requestType);
            if (requestType.FullName.Contains("AlfaConnectService"))
            {
                routes.Each(x => x.Path = "/alfaconnect" + x.Path);
            }
            else if (requestType.FullName.Contains("AlfaProService"))
            {
                routes.Each(x => x.Path = "/alfapro" + x.Path);
            }
            return routes;            
        }
    }
}
4

1 回答 1

1

ServiceStack 还要求session.UserAuthName将 设置为用户名。

所有 ServiceStack 的结构都设计为协同工作,如果您不打算使用 ServiceStack 的 AuthProvider 模型,只需忽略它并实现您自己的身份验证。即忽略所有 ServiceStack 的内置 Auth/Session 功能,而使用您自己的过滤器/验证。

于 2018-02-08T17:01:21.313 回答