ServiceStack:自定义登录方法并创建手册IAuthSession以与[Authenticate]属性一起使用?

时间:2018-02-08 13:01:43

标签: c# servicestack servicestack-auth

我试图手动创建一个IAuthSession并保存它,所以我可以在我的方法上使用属性[Authenticate],但似乎没有用。

所以,我有LoginHandler : Service我在那里做一些自定义代码来登录用户,然后我这样做:

namespace RequestHandlers
{
    public class LoginHandler : Service
    {
        public object Post(Login request)
        {
            // do magic login code
            if (loginSuccess)
            {
                IAuthSession session = GetSession();
                session.FirstName = "My First name"
                session.IsAuthenticated = true;
                base.Request.SaveSession(session); // save the session??
            }
            else
            {
                throw new UnauthorizedAccessException(pc.GetFaultString());
            }
            return new LoginResponse() { Result = "OK" };
        }
    }
}

我当时希望base.Request.SaveSession(session);能保存Session,以便ServiceStack稍后检测到它并看到“aha,允许使用受保护的方法,因为用户已登录”。

登录电话的响应是(在Fiddler中):

HTTP/1.1 200 OK
Transfer-Encoding: chunked
Content-Type: application/json; charset=utf-8
Vary: Accept
Server: Microsoft-HTTPAPI/2.0
Set-Cookie: ss-id=TwOJExNFhBuVuDna1aDO;path=/;HttpOnly
Set-Cookie: ss-pid=O4bJqgiLWRTFTOgcf2DD;path=/;expires=Mon, 08 Feb 2038 12:39:30 GMT;HttpOnly
X-Powered-By: ServiceStack/5,02 NET45 Win32NT/.NET
Date: Thu, 08 Feb 2018 12:39:31 GMT

f
{"Result":"OK"}
0

所以,我得到一些带有pid的cookie,我把它当作会话ID?

现在,我在运行上面的Test之后使用了Login方法,应该可用,对吧? =)

namespace tWorks.Alfa.Modules.ModuleRestApiService.Services.AlfaConnectService.Requests
{
    [Authenticate]
    [Route("/test")]
    public class Test : IReturn<TestResponse>
    {
        public string Message { get; set; }
    }

    public class TestResponse
    {
        public string Result { get; set; }
    }
}

但不是,我得到401错误:

HTTP/1.1 401 Unauthorized
Transfer-Encoding: chunked
Vary: Accept
Server: Microsoft-HTTPAPI/2.0
X-Powered-By: ServiceStack/5,02 NET45 Win32NT/.NET
WWW-Authenticate: basic realm="/auth/basic"
Date: Thu, 08 Feb 2018 12:40:12 GMT

0

Fiddler对Test的电话是这样的:

POST http://192.168.0.147:8080/alfaconnect/test HTTP/1.1
Host: 192.168.0.147:8080
Accept: application/json
Content-Type: application/json
Content-Length: 18
DeviceUUID: 123asd123
Domain: AlfaOnline
Cookie: ss-id=TwOJExNFhBuVuDna1aDO
Cookie: ss-pid=O4bJqgiLWRTFTOgcf2DD

{"Message": "Hej"}

如您所见,我将ss-id和ss-pid从Login响应复制到Test调用。

我错过了什么?

这是我的AppHost:

    public class AppHost : AppSelfHostBase
    {
        public AppHost(IModuleController moduleController, IContactModule contactModule) : base("HttpListener Self-Host", typeof(Services.AlfaProService.AlfaProService).Assembly)
        {
        }

        public override void Configure(Funq.Container container)
        {
            Plugins.Add(new AuthFeature(() => new AuthUserSession(),
              new IAuthProvider[] {
                new BasicAuthProvider(), //Sign-in with HTTP Basic Auth
                new CredentialsAuthProvider(), //HTML Form post of UserName/Password credentials
              }));

            container.Register<ICacheClient>(new MemoryCacheClient());
            var userRep = new InMemoryAuthRepository();
            container.Register<IUserAuthRepository>(userRep);
        }

        public override RouteAttribute[] GetRouteAttributes(Type requestType)
        {
            var routes = base.GetRouteAttributes(requestType);
            if (requestType.FullName.Contains("AlfaConnectService"))
            {
                routes.Each(x => x.Path = "/alfaconnect" + x.Path);
            }
            else if (requestType.FullName.Contains("AlfaProService"))
            {
                routes.Each(x => x.Path = "/alfapro" + x.Path);
            }
            return routes;            
        }
    }
}

1 个答案:

答案 0 :(得分:1)

ServiceStack还要求将session.UserAuthName设置为用户名。

所有ServiceStack的构造都旨在协同工作,如果您不打算使用ServiceStack的AuthProvider模型,请忽略它并实现您自己的身份验证。即忽略所有ServiceStack的内置Auth / Session功能,而是使用您自己的过滤器/验证。

相关问题
最新问题