如何在Ruby中通过HTTP执行基本身份验证

如何在Ruby中通过HTTP执行基本身份验证

本文介绍了如何在Ruby中通过HTTP执行基本身份验证?的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

看了很多之后,我发现了一些似乎可行的解决方案,但是对我来说却不行.

After looking a lot, I've found some solutions that seem working, but not for me...

例如,我有这个脚本:

require 'net/http'
require "net/https"

@http=Net::HTTP.new('www.xxxxxxx.net', 443)
@http.use_ssl = true
@http.verify_mode = OpenSSL::SSL::VERIFY_NONE
@http.start() {|http|
    req = Net::HTTP::Get.new('/gb/PastSetupsXLS.asp?SR=31,6')
    req.basic_auth 'my_user', 'my_password'
    response = http.request(req)
    print response.body
}

当我运行它时,它会给我一个页面,要求进行身份验证,但是如果我在浏览器中编写以下URL,则可以毫无问题地进入该网站:

When I run it, it gives me a page that requests for authentication, but if I write the following URL in the browser, I get into the website without problems:

https://my_user:[email protected]/gb/PastSetupsXLS.asp?SR=31,6

我也尝试过使用open-uri:

I have also tried with open-uri:

module OpenSSL
    module SSL
        remove_const :VERIFY_PEER
    end
end
OpenSSL::SSL::VERIFY_PEER = OpenSSL::SSL::VERIFY_NONE

def download(full_url, to_here)
    writeOut = open(to_here, "wb")
    writeOut.write(open(full_url, :http_basic_authentication=>["my_user", "my_password"]).read)
    writeOut.close
end

download('https://www.xxxxxxx.net/gb/PastSetupsXLS.asp?SR=31,6', "target_file.html")

但是结果是一样的,该站点正在要求用户身份验证.我在做什么错的任何提示?我必须在Base 64中对密码进行编码吗?

But the result is the same, the site is asking for user authentication.Any tips of what am I doing wrong?. Must I encode the password in Base 64?

推荐答案

我根据 Net :: HTTP docs 并在我的本地WAMP服务器上进行了测试-正常.这就是我所拥有的:

I wrote a piece of code based on examples given in the Net::HTTP docs and tested it on my local WAMP server - it works fine. Here's what I have:

require 'net/http'
require 'openssl'

uri = URI('https://localhost/')

Net::HTTP.start(uri.host, uri.port,
  :use_ssl => uri.scheme == 'https',
  :verify_mode => OpenSSL::SSL::VERIFY_NONE) do |http|

  request = Net::HTTP::Get.new uri.request_uri
  request.basic_auth 'matt', 'secret'

  response = http.request request # Net::HTTPResponse object

  puts response
  puts response.body
end

我的.htaccess文件如下所示:

AuthName "Authorization required"
AuthUserFile c:/wamp/www/ssl/.htpasswd
AuthType basic
Require valid-user

我的.htpasswd只是用htpasswd -c .htpasswd matt生成的用于密码秘密"的一个衬纸.当我运行代码时,我得到"200 OK"和index.html的内容.如果删除request.basic_auth行,则会出现401错误.

My .htpasswd is just a one liner generated with htpasswd -c .htpasswd matt for password "secret". When I run my code I get "200 OK" and contents of index.html. If I remove the request.basic_auth line, I get 401 error.

更新:

如评论中的@stereoscott所示,我在示例中使用的:verify_mode值(OpenSSL::SSL::VERIFY_NONE)对于生产而言并不安全.

As indicated by @stereoscott in the comments, the :verify_mode value I used in the example (OpenSSL::SSL::VERIFY_NONE) is not safe for production.

OpenSSL :: SSL :: SSLContext 文档为:VERIFY_NONE,VERIFY_PEER,VERIFY_CLIENT_ONCE,VERIFY_FAIL_IF_NO_PEER_CERT,其中的(根据 OpenSSL文档)在客户端模式下仅使用前两个文档.

All available options listed in the OpenSSL::SSL::SSLContext docs are: VERIFY_NONE, VERIFY_PEER, VERIFY_CLIENT_ONCE, VERIFY_FAIL_IF_NO_PEER_CERT, out of which (according to the OpenSSL docs) only the first two ones are used in the client mode.

因此,应在生产环境中使用VERIFY_PEER,该产品是默认,因此您可以完全跳过它.

So VERIFY_PEER should be used on production, which is the default btw, so you can skip it entirely.

这篇关于如何在Ruby中通过HTTP执行基本身份验证?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!