本文介绍了ServiceStack身份验证[Authenticate]属性无法处理ss-id和ss-pid的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

我创建了一个调用AuthenticateService并验证用户身份的TestService.在调用TestService之前,我清除了所有cookie,以确保一旦获得响应,我都会得到ss-idss-pid cookie.

I created a TestService that calls the AuthenticateService and authenticates the user. Before calling the TestService I cleared all of my cookies to make sure that once I get the response I get the ss-id and ss-pid cookies, which I do get.

AppHost配置:(SS v4.0.8.0)

AppHost Configuration: (SS v4.0.8.0)

//Plugins
Plugins.Add(new RazorFormat());
Plugins.Add(new SessionFeature());
Plugins.Add(new AuthFeature(() => new CustomUserSession(),
            new IAuthProvider[] { new CustomCredentialsAuthProvider() }));

container.Register<ICacheClient>(new MemoryCacheClient());

我的CustomCredentialsAuthProvider:

public class CustomCredentialsAuthProvider : CredentialsAuthProvider
{
    public override bool TryAuthenticate(IServiceBase authService, string userName, string password)
    {
        // Custom Auth Logic
        // Return true if credentials are valid, otherwise false
        // bool isValid = Membership.ValidateUser(userName, password);
        return true;
    }

    public override void OnAuthenticated(IServiceBase authService, IAuthSession session, IAuthTokens tokens, Dictionary<string, string> authInfo)
    {
        base.OnAuthenticated(authService, session, tokens, authInfo);

        var loginManager = authService.TryResolve<LoginManager>();
        var loginInfo = loginManager.GetLoginInfo(session.UserAuthName);

        authService.SaveSession(loginInfo.CustomUserSession, SessionExpiry);
    }
}

我的TestService:

public class TestService : Service
{       
    public object Any(Test request)
    {
        var response = new TestResponse();

        var authService = base.ResolveService<AuthenticateService>();            
        var authResponse = authService.Authenticate(new Authenticate
        {
            UserName = "user",
            Password = "password",
            RememberMe = false
        });           

        base.Request.ResponseContentType = MimeTypes.Html;  //Temporary workaround, will not be needed in v4.0.9+

        return response;
    }
}

因此,回顾一下.我点击了TestService,对用户进行身份验证,返回响应,并确保响应包含ss-idss-pid cookie.现在,我尝试找到另一个具有[Authenticate]属性的服务.我在服务中的断点从未命中,我在浏览器中得到了这个响应.

So, to recap. I hit the TestService, authenticate the user, return response and make sure the response contains the ss-id and ss-pid cookies. Now I try to hit another service that has the [Authenticate] attribute. My breakpoint in the service never hits and I get this response in the browser.

Request.HttpMethod:GET Request.PathInfo:/login Request.QueryString:ServiceStack.NameValueCollectionWrapper
Request.RawUrl:/login?redirect = http%3a%2f%2flocalhost%3a50063%2fBOP%2fbasic-info-2

Request.HttpMethod: GET Request.PathInfo: /login Request.QueryString: ServiceStack.NameValueCollectionWrapper
Request.RawUrl:/login?redirect=http%3a%2f%2flocalhost%3a50063%2fBOP%2fbasic-info-2

我尝试在服务方法和整个服务上应用[Authenticate]属性,结果相同.我已经测试过,如果[Authenticate]属性被注释掉了,那么我可以进入服务方法,这是可行的,所以它不是服务配置问题或路由问题.

I have tried applying the [Authenticate] attribute over the service method and over the whole service, with the same result. I have tested that I can get to the service methods if the [Authenticate] attribute is commented out, which works, so it is not service config issue or route issue.

我还创建了两个服务方法/basic-info-1/basic-info-2. /basic-info-2具有[Authenticate]属性,而basic-info-1没有.进行身份验证后,我可以毫无问题地进入basic-info-1,并且还确认我可以进入OnAuthenticated()方法中保存的会话信息.对于/basic-info-2,我收到该处理程序错误.

I also created two service methods /basic-info-1 and /basic-info-2. /basic-info-2 has the [Authenticate] attribute and basic-info-1 does not. After authenticating, I am able to get to basic-info-1 without issues and have also confirmed that I can get to the session information that was saved in the OnAuthenticated() method. For /basic-info-2 I get that handler error.

我不确定[Authenticate]属性中会发生什么,但是从该处理程序错误的外观来看,身份验证失败,并且SS尝试将我重定向到我的项目中不存在的/login,因此发生了处理程序错误.我想知道为什么authenticate属性不能识别我的ss-idss-pid cookie?

I am not sure what happens in the [Authenticate] attribute but from the looks of that handler error, the authentication fails and SS tries to redirect me to /login which does not exist in my project hence the handler error. I wonder why the authenticate attribute is not recognizing my ss-id and ss-pid cookies?

推荐答案

诊断:

使用/test进行身份验证后,应检查未经身份验证的方法(/basic-info-1)返回的会话.如果会话正常工作,则应该在会话上正确设置UserAuthIdUserAuthNameId.似乎没有正确设置这些属性,因此[Authenticate]属性没有看到有效的会话.

Diagnosis:

You should check the session being returned in your unauthenticated method (/basic-info-1), after you have authenticated using /test. If your session is working correctly you should see UserAuthId, UserAuthName and Id correctly set on the session. It doesn't appear these are correctly set and the [Authenticate] attribute therefore doesn't see a valid session.

您的OnAuthenticated方法中可能存在此问题,特别是您的LoginManager在保存会话时未正确返回这些值.

The problem is likely in your OnAuthenticated method, specifically your LoginManager is not correctly returning these values when you save the session.

根据您的代码:

var loginManager = authService.TryResolve<LoginManager>();
var loginInfo = loginManager.GetLoginInfo(session.UserAuthName); 

authService.SaveSession(loginInfo.CustomUserSession, SessionExpiry);

  • loginInfo.CustomUserSession.UserAuthIdnull
  • loginInfo.CustomUserSession.UserAuthNamenull
  • loginInfo.CustomUserSession.Idnull
    • loginInfo.CustomUserSession.UserAuthId is null
    • loginInfo.CustomUserSession.UserAuthName is null
    • loginInfo.CustomUserSession.Id is null
    • 在调用SaveSession之前正确设置这些属性.

      Correctly set those attributes before calling SaveSession.

      这篇关于ServiceStack身份验证[Authenticate]属性无法处理ss-id和ss-pid的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!

11-03 15:30