Question

我正在尝试在我的域名/ admin下设置非常基本的摘要式身份验证（实际上，它是一个子域名）。我在bootstrap.php：

中注册了身份验证程序

protected function _initAdminArea()
    {
        //setup protected area
        $config = array(
            'accept_schemes'    => 'digest',
            'realm'             => 'administration',
            'digest_domains'    => '/admin',
            'nonce_timeout'     => 3600
        );
        $authAdapter = new Zend_Auth_Adapter_Http($config);
        $digestResolver = new Zend_Auth_Adapter_Http_Resolver_File(APPLICATION_PATH . '/../data/admins.txt');
        $authAdapter->setDigestResolver($digestResolver);

            //set storage
        $storage = new Zend_Auth_Storage_NonPersistent();
        Zend_Auth::getInstance()->setStorage($storage);

        //dispatch auth adapter using plugin
        $loader = new Zend_Loader_PluginLoader(array('Application_Plugin' => APPLICATION_PATH . '/plugins'), 'auth');
        $AdminAuth = $loader->load('AdminAuth');
        $auth = new $AdminAuth($authAdapter);

        //register plugin
        Zend_Controller_Front::getInstance()->registerPlugin($auth);
    }

然后，我请求用户使用插件AdminAuth.php登录每个请求：

require_once 'Zend/Auth.php';
require_once 'Zend/Controller/Plugin/Abstract.php';
require_once 'Zend/Auth/Adapter/Interface.php';

class Application_Plugin_AdminAuth extends Zend_Controller_Plugin_Abstract
{
    /**
     * The HTTP Auth adapter
     */
    protected $adapter;


    /**
     * Constructor
     *
     * @param Zend_Auth_Adapter_Interface
     */
    public function __construct(Zend_Auth_Adapter_Interface $adapter)
    {
        $this->adapter = $adapter;
    }

    /**
     * Dispatch Loop Startup hook
     *
     * Called before Zend_Controller_Front enters its dispatch loop. This uses 
     * the authentication adapter to check if the user submitted valid login
     * credentials. If not, the request is changed to point to the 
     * authenticateAction, instead of the requested action.
     *
     * @param Zend_Controller_Request_Abstract $request
     */
    public function dispatchLoopStartup(Zend_Controller_Request_Abstract $request)
    {     
        $this->adapter->setRequest($this->_request);
        $this->adapter->setResponse($this->_response);
        $result = $this->adapter->authenticate();

        if (!$result->isValid()) {
            echo 'auth failure';
        }
    }
}

这似乎工作正常。但是，身份验证始终失败。我已多次检查客户端和服务器MD5哈希，并且它们是正确的。这就是admins.txt的样子：

peter:administration:1f7758428f7646706dbdcfe8d754427a

我还尝试将摘要更改为基本身份验证，并将MD5哈希值更改为纯文本。但是，身份验证仍然失败。

当我在控制台中执行以下命令时：

curl --digest -u peter:password http://sub.domain.com/admin -v

我得到以下输出：

    * About to connect() to sub.domain.com port 80 (#0)
*   Trying 83.96.149.65... connected
* Connected to sub.domain.com (83.96.149.65) port 80 (#0)
* Server auth using Digest with user 'peter'
> GET /admin HTTP/1.1
> User-Agent: curl/7.21.0 (x86_64-pc-linux-gnu) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3.4 libidn/1.18
> Host: sub.domain.com
> Accept: */*
> 
< HTTP/1.1 401 Authorization Required
< Date: Mon, 25 Jul 2011 14:04:38 GMT
< Server: Apache/2.2.19 (Unix)
< X-Powered-By: PHP/5.2.17
< Www-Authenticate: Digest realm="administration", domain="/admin", nonce="3f624929a274a868c0fc0188a3c49c8e", opaque="d75db7b160fe72d1346d2bd1f67bfd10", algorithm="MD5", qop="auth"
< X-Powered-By: PleskLin
< Content-Length: 1630
< Connection: close
< Content-Type: text/html
< 
* Closing connection #0
* Issue another request to this URL: 'http://sub.domain.com/admin'
* About to connect() to sub.domain.com port 80 (#0)
*   Trying 83.96.149.65... connected
* Connected to sub.domain.com (83.96.149.65) port 80 (#0)
* Server auth using Digest with user 'peter'
> GET /admin HTTP/1.1
> Authorization: Digest username="peter", realm="administration", nonce="3f624929a274a868c0fc0188a3c49c8e", uri="/admin", cnonce="MDA5ODU4", nc=00000001, qop="auth", response="28a907e1fe4b537264695bd456512f65", opaque="d75db7b160fe72d1346d2bd1f67bfd10", algorithm="MD5"
> User-Agent: curl/7.21.0 (x86_64-pc-linux-gnu) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3.4 libidn/1.18
> Host: sub.domain.com
> Accept: */*
> 
< HTTP/1.1 401 Authorization Required
< Date: Mon, 25 Jul 2011 14:04:38 GMT
< Server: Apache/2.2.19 (Unix)
< X-Powered-By: PHP/5.2.17
* Authentication problem. Ignoring this.
< Www-Authenticate: Digest realm="administration", domain="/admin", nonce="3f624929a274a868c0fc0188a3c49c8e", opaque="d75db7b160fe72d1346d2bd1f67bfd10", algorithm="MD5", qop="auth"
< X-Powered-By: PleskLin
< Content-Length: 1630
< Connection: close
< Content-Type: text/html
< 
auth failure

特别注意Authentication problem. Ignoring this.有没有人知道可能出现什么问题？我100％确定提供的用户凭证是正确的（我还检查过大写字母等）。

Answer 1

我最好的猜测是您没有以HA1格式存储凭据。这是Zend_Auth_Adapter_Http写的：

摘要式身份验证期望接收用户的用户名，领域和密码（每个用冒号分隔）的哈希值。目前，唯一支持的哈希算法是MD5。

在你的情况下，这将是：

MD5(peter:administration:password) = 1aab17d17d4ace84fcf6e2230e8775ea

Zend Digest / Basic身份验证失败

1 个答案: