我试图手动创建一个IAuthSession并保存它,所以我可以在我的方法上使用属性[Authenticate],但似乎没有用。
所以,我有LoginHandler : Service
我在那里做一些自定义代码来登录用户,然后我这样做:
namespace RequestHandlers
{
public class LoginHandler : Service
{
public object Post(Login request)
{
// do magic login code
if (loginSuccess)
{
IAuthSession session = GetSession();
session.FirstName = "My First name"
session.IsAuthenticated = true;
base.Request.SaveSession(session); // save the session??
}
else
{
throw new UnauthorizedAccessException(pc.GetFaultString());
}
return new LoginResponse() { Result = "OK" };
}
}
}
我当时希望base.Request.SaveSession(session);
能保存Session,以便ServiceStack稍后检测到它并看到“aha,允许使用受保护的方法,因为用户已登录”。
登录电话的响应是(在Fiddler中):
HTTP/1.1 200 OK
Transfer-Encoding: chunked
Content-Type: application/json; charset=utf-8
Vary: Accept
Server: Microsoft-HTTPAPI/2.0
Set-Cookie: ss-id=TwOJExNFhBuVuDna1aDO;path=/;HttpOnly
Set-Cookie: ss-pid=O4bJqgiLWRTFTOgcf2DD;path=/;expires=Mon, 08 Feb 2038 12:39:30 GMT;HttpOnly
X-Powered-By: ServiceStack/5,02 NET45 Win32NT/.NET
Date: Thu, 08 Feb 2018 12:39:31 GMT
f
{"Result":"OK"}
0
所以,我得到一些带有pid的cookie,我把它当作会话ID?
现在,我在运行上面的Test
之后使用了Login
方法,应该可用,对吧? =)
namespace tWorks.Alfa.Modules.ModuleRestApiService.Services.AlfaConnectService.Requests
{
[Authenticate]
[Route("/test")]
public class Test : IReturn<TestResponse>
{
public string Message { get; set; }
}
public class TestResponse
{
public string Result { get; set; }
}
}
但不是,我得到401错误:
HTTP/1.1 401 Unauthorized
Transfer-Encoding: chunked
Vary: Accept
Server: Microsoft-HTTPAPI/2.0
X-Powered-By: ServiceStack/5,02 NET45 Win32NT/.NET
WWW-Authenticate: basic realm="/auth/basic"
Date: Thu, 08 Feb 2018 12:40:12 GMT
0
Fiddler对Test
的电话是这样的:
POST http://192.168.0.147:8080/alfaconnect/test HTTP/1.1
Host: 192.168.0.147:8080
Accept: application/json
Content-Type: application/json
Content-Length: 18
DeviceUUID: 123asd123
Domain: AlfaOnline
Cookie: ss-id=TwOJExNFhBuVuDna1aDO
Cookie: ss-pid=O4bJqgiLWRTFTOgcf2DD
{"Message": "Hej"}
如您所见,我将ss-id和ss-pid从Login响应复制到Test调用。
我错过了什么?
这是我的AppHost:
public class AppHost : AppSelfHostBase
{
public AppHost(IModuleController moduleController, IContactModule contactModule) : base("HttpListener Self-Host", typeof(Services.AlfaProService.AlfaProService).Assembly)
{
}
public override void Configure(Funq.Container container)
{
Plugins.Add(new AuthFeature(() => new AuthUserSession(),
new IAuthProvider[] {
new BasicAuthProvider(), //Sign-in with HTTP Basic Auth
new CredentialsAuthProvider(), //HTML Form post of UserName/Password credentials
}));
container.Register<ICacheClient>(new MemoryCacheClient());
var userRep = new InMemoryAuthRepository();
container.Register<IUserAuthRepository>(userRep);
}
public override RouteAttribute[] GetRouteAttributes(Type requestType)
{
var routes = base.GetRouteAttributes(requestType);
if (requestType.FullName.Contains("AlfaConnectService"))
{
routes.Each(x => x.Path = "/alfaconnect" + x.Path);
}
else if (requestType.FullName.Contains("AlfaProService"))
{
routes.Each(x => x.Path = "/alfapro" + x.Path);
}
return routes;
}
}
}
答案 0 :(得分:1)
ServiceStack还要求将session.UserAuthName
设置为用户名。
所有ServiceStack的构造都旨在协同工作,如果您不打算使用ServiceStack的AuthProvider模型,请忽略它并实现您自己的身份验证。即忽略所有ServiceStack的内置Auth / Session功能,而是使用您自己的过滤器/验证。