问题描述
我创建了一个调用AuthenticateService并验证用户身份的TestService.在调用TestService之前,我清除了所有cookie,以确保一旦获得响应,我都会得到ss-id和ss-pid cookie.
I created a TestService that calls the AuthenticateService and authenticates the user. Before calling the TestService I cleared all of my cookies to make sure that once I get the response I get the ss-id and ss-pid cookies, which I do get.
AppHost配置:(SS v4.0.8.0)
AppHost Configuration: (SS v4.0.8.0)
//Plugins
Plugins.Add(new RazorFormat());
Plugins.Add(new SessionFeature());
Plugins.Add(new AuthFeature(() => new CustomUserSession(),
new IAuthProvider[] { new CustomCredentialsAuthProvider() }));
container.Register<ICacheClient>(new MemoryCacheClient());
我的CustomCredentialsAuthProvider:
public class CustomCredentialsAuthProvider : CredentialsAuthProvider
{
public override bool TryAuthenticate(IServiceBase authService, string userName, string password)
{
// Custom Auth Logic
// Return true if credentials are valid, otherwise false
// bool isValid = Membership.ValidateUser(userName, password);
return true;
}
public override void OnAuthenticated(IServiceBase authService, IAuthSession session, IAuthTokens tokens, Dictionary<string, string> authInfo)
{
base.OnAuthenticated(authService, session, tokens, authInfo);
var loginManager = authService.TryResolve<LoginManager>();
var loginInfo = loginManager.GetLoginInfo(session.UserAuthName);
authService.SaveSession(loginInfo.CustomUserSession, SessionExpiry);
}
}
我的TestService:
public class TestService : Service
{
public object Any(Test request)
{
var response = new TestResponse();
var authService = base.ResolveService<AuthenticateService>();
var authResponse = authService.Authenticate(new Authenticate
{
UserName = "user",
Password = "password",
RememberMe = false
});
base.Request.ResponseContentType = MimeTypes.Html; //Temporary workaround, will not be needed in v4.0.9+
return response;
}
}
因此,回顾一下.我点击了TestService,对用户进行身份验证,返回响应,并确保响应包含ss-id和ss-pid cookie.现在,我尝试找到另一个具有[Authenticate]属性的服务.我在服务中的断点从未命中,我在浏览器中得到了这个响应.
So, to recap. I hit the TestService, authenticate the user, return response and make sure the response contains the ss-id and ss-pid cookies. Now I try to hit another service that has the [Authenticate] attribute. My breakpoint in the service never hits and I get this response in the browser.
Request.HttpMethod:GET Request.PathInfo:/login Request.QueryString:ServiceStack.NameValueCollectionWrapper
Request.RawUrl:/login?redirect = http%3a%2f%2flocalhost%3a50063%2fBOP%2fbasic-info-2
Request.HttpMethod: GET Request.PathInfo: /login Request.QueryString: ServiceStack.NameValueCollectionWrapper
Request.RawUrl:/login?redirect=http%3a%2f%2flocalhost%3a50063%2fBOP%2fbasic-info-2
我尝试在服务方法和整个服务上应用[Authenticate]属性,结果相同.我已经测试过,如果[Authenticate]属性被注释掉了,那么我可以进入服务方法,这是可行的,所以它不是服务配置问题或路由问题.
I have tried applying the [Authenticate] attribute over the service method and over the whole service, with the same result. I have tested that I can get to the service methods if the [Authenticate] attribute is commented out, which works, so it is not service config issue or route issue.
我还创建了两个服务方法/basic-info-1和/basic-info-2. /basic-info-2具有[Authenticate]属性,而basic-info-1没有.进行身份验证后,我可以毫无问题地进入basic-info-1,并且还确认我可以进入OnAuthenticated()方法中保存的会话信息.对于/basic-info-2,我收到该处理程序错误.
I also created two service methods /basic-info-1 and /basic-info-2. /basic-info-2 has the [Authenticate] attribute and basic-info-1 does not. After authenticating, I am able to get to basic-info-1 without issues and have also confirmed that I can get to the session information that was saved in the OnAuthenticated() method. For /basic-info-2 I get that handler error.
我不确定[Authenticate]属性中会发生什么,但是从该处理程序错误的外观来看,身份验证失败,并且SS尝试将我重定向到我的项目中不存在的/login,因此发生了处理程序错误.我想知道为什么authenticate属性不能识别我的ss-id和ss-pid cookie?
I am not sure what happens in the [Authenticate] attribute but from the looks of that handler error, the authentication fails and SS tries to redirect me to /login which does not exist in my project hence the handler error. I wonder why the authenticate attribute is not recognizing my ss-id and ss-pid cookies?
推荐答案
诊断:
使用/test进行身份验证后,应检查未经身份验证的方法(/basic-info-1)返回的会话.如果会话正常工作,则应该在会话上正确设置UserAuthId,UserAuthName和Id.似乎没有正确设置这些属性,因此[Authenticate]属性没有看到有效的会话.
Diagnosis:
You should check the session being returned in your unauthenticated method (/basic-info-1), after you have authenticated using /test. If your session is working correctly you should see UserAuthId, UserAuthName and Id correctly set on the session. It doesn't appear these are correctly set and the [Authenticate] attribute therefore doesn't see a valid session.
您的OnAuthenticated方法中可能存在此问题,特别是您的LoginManager在保存会话时未正确返回这些值.
The problem is likely in your OnAuthenticated method, specifically your LoginManager is not correctly returning these values when you save the session.
根据您的代码:
var loginManager = authService.TryResolve<LoginManager>();
var loginInfo = loginManager.GetLoginInfo(session.UserAuthName);
authService.SaveSession(loginInfo.CustomUserSession, SessionExpiry);
-
loginInfo.CustomUserSession.UserAuthId是null -
loginInfo.CustomUserSession.UserAuthName是null -
loginInfo.CustomUserSession.Id是null loginInfo.CustomUserSession.UserAuthIdisnullloginInfo.CustomUserSession.UserAuthNameisnullloginInfo.CustomUserSession.Idisnull
在调用SaveSession之前正确设置这些属性.
Correctly set those attributes before calling SaveSession.
这篇关于ServiceStack身份验证[Authenticate]属性无法处理ss-id和ss-pid的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!