我尝试使用ServiceStack的基本身份验证,但即使在传递了正确的凭据后,我也收到了错误:
[Authenticate: 6/16/2014 4:00:22 AM]: [REQUEST: {UserName:john,Password:test}]
ServiceStack.HttpError: Invalid BasicAuth credentials at
ServiceStack.Auth.BasicAuthProvider.Authenticate(IServiceBase authService, IAuthSession
session, Authenticate request) at
ServiceStack.Auth.AuthenticateService.Authenticate(Authenticate request, String provider,
IAuthSession session, IAuthProvider oAuthConfig) at
ServiceStack.Auth.AuthenticateService.Post(Authenticate request) at
ServiceStack.Auth.AuthenticateService.Get(Authenticate request) at lambda_method(Closure ,
Object , Object ) at ServiceStack.Host.ServiceRunner`1.Execute(IRequest request, Object
instance, TRequest requestDto)
我的AppHost.cs类配置功能中的代码行如下:
// Register AuthFeature with custom user session and Basic auth provider
Plugins.Add(new AuthFeature(
() => new AuthUserSession(),
new AuthProvider[] { new BasicAuthProvider() }
));
Plugins.Add(new RegistrationFeature());
// register storage for user sessions
container.Register<ICacheClient>(new MemoryCacheClient());
container.Register<ISessionFactory>(c => new SessionFactory(c.Resolve<ICacheClient>()));
var userRep = new InMemoryAuthRepository();
container.Register<IUserAuthRepository>(userRep);
//Add a user for testing purposes
string hash;
string salt;
new SaltedHash().GetHashAndSaltString("test", out hash, out salt);
userRep.CreateUserAuth(new UserAuth
{
Id = 1,
DisplayName = "DisplayName",
Email = "as@if.com",
UserName = "john",
FirstName = "FirstName",
LastName = "LastName",
PasswordHash = hash,
Salt = salt,
}, "test");
我用于身份验证的网址是:
http://<domain>:63743/auth?Username=john&Password=test
请让我知道这种行为的根本原因是什么?
答案 0 :(得分:1)
看起来你没有正确使用Basic Auth,ServiceStack中的BasicAuthProvider表示HTTP Basic Auth :(即它并不意味着简单验证)。
我们的ServiceClients中启用了BasicAuth支持,其中一些示例位于AuthTests.cs:
您发送 HTTP Basic Auth 的方式是使用Authorization HTTP标头,例如:
Authorization: basic {bas64encoded user:pass}
以下是sending HTTP Basic Auth with a WebRequest的示例:
var base64Token = Convert.ToBase64String(
Encoding.UTF8.GetBytes(AllowedUser + ":" + AllowedPass));
var req = (HttpWebRequest)WebRequest.Create("http://domain.com/secure");
req.Headers["Authorization"] = "basic " + base64Token;
如果您想通过网址登录,则需要注册CredentialsAuthProvider,即:
Plugins.Add(new AuthFeature(() => new AuthUserSession(),
new AuthProvider[] { new CredentialsAuthProvider() }
));
您可以通过以下网址登录:
/auth/credentials?Username=john&Password=test
如果您愿意,可以provide your own Custom Auth Provider继承CredentialsAuthProvider并使用自己的自定义实现覆盖TryAuthenticate,例如:
public class CustomCredentialsAuthProvider : CredentialsAuthProvider
{
public override bool TryAuthenticate(IServiceBase authService,
string userName, string password)
{
return userName == "john" && password == "test";
}
}
然后您可以注册:
Plugins.Add(new AuthFeature(() => new AuthUserSession(),
new AuthProvider[] {
new CustomCredentialsAuthProvider(),
}
));