Question

我对如何向服务器提供质询以进行身份验证感到困惑。它是一个RESTFul架构。从我的服务器，我回来了：

function authenticate()
    {
        $realm = 'Logging';
        $users = array('admin' => 'mypass', 'guest' => 'guest');
      if (empty($_SERVER['PHP_AUTH_DIGEST']))
      {
            header('HTTP/1.1 401 Unauthorized');
            //header('WWW-Authenticate: Digest realm="'.$realm.'",qop="auth",nonce="'.uniqid().'",opaque="'.md5($realm).'"');
            echo json_encode(array("realm"=>$realm,"qop"=>"auth","nonce"=>uniqid(),"opaque"=>md5($realm)));         
            exit;      
      }

        // analyze the PHP_AUTH_DIGEST variable
      if (!($data = MyFunction::http_digest_parse($_SERVER['PHP_AUTH_DIGEST'])) || !isset($users[$data['username']]))
         die('Wrong Credentials!');

       // generate the valid response
      $A1 = md5($data['username'] . ':' . $realm . ':' . $users[$data['username']]);
      $A2 = md5($_SERVER['REQUEST_METHOD'].':'.$data['uri']);
      $valid_response = md5($A1.':'.$data['nonce'].':'.$data['nc'].':'.$data['cnonce'].':'.$data['qop'].':'.$A2);

      if ($data['response'] != $valid_response) die('Wrong Credentials!');
        // ok, valid username & password
        echo 'You are logged in as: ' . $data['username'];
        exit;   
    }

现在在客户端上，我如何提供包含服务器的用户名和密码的挑战？只需告诉我需要使用从服务器获取的值执行的过程。

Answer 1

关于如何使用AJAX and jQuery完成身份验证过程存在类似的问题，这可能有助于缩小差距。

从服务器获取质询后的RESTFul身份验证

1 个答案: