NancyFx RequiresAuthentication扩展返回303,而不是403 [英] NancyFx RequiresAuthentication extension returns 303 and not 403
问题描述
我不确定我做错了什么还是有某种错误.如果是错误,那么我想这会立即出现.无论哪种方式:
I'm not sure if I'm doing something wrong or there's a bug of some kind. If it is a bug, then I'd think this would have cropped up immediately. Either way:
我正在从这里使用扩展方法RequiresAuthentication:
I'm using the extension method RequiresAuthentication from here:
使用SecurityHooks的
Which uses SecurityHooks
或者代码:
public static void RequiresAuthentication(this INancyModule module)
{
module.AddBeforeHookOrExecute(SecurityHooks.RequiresAuthentication(), "Requires Authentication");
}
SecurityHooks:
SecurityHooks:
public static Func<NancyContext, Response> RequiresAuthentication()
{
return UnauthorizedIfNot(ctx => ctx.CurrentUser.IsAuthenticated());
}
private static Func<NancyContext, Response> UnauthorizedIfNot(Func<NancyContext, bool> test)
{
return HttpStatusCodeIfNot(HttpStatusCode.Unauthorized, test);
}
private static Func<NancyContext, Response> HttpStatusCodeIfNot(HttpStatusCode statusCode, Func<NancyContext, bool> test)
{
return (ctx) =>
{
Response response = null;
if (!test(ctx))
{
response = new Response { StatusCode = statusCode };
}
return response;
};
}
您会看到HttpStatusCode.如果用户未通过身份验证,则应返回未经授权的 .似乎很容易.当我拨打AJAX到类似这样的路线时:
As you can see HttpStatusCode.Unauthorized should be returned if the user isn't authenticated. Seems easy enough. When I make an AJAX call to a route like:
Post["/comment/flag/{Id}"] = s =>
{
this.RequiresAuthentication();
return new IdResponse { Id = commentRepo.FlagComment(Context.CurrentUser.UserName, s.Id) };
};
我找回303,然后将其重定向为200的登录URL.完全没想到.
I'm getting back a 303, which then redirects to the login URL with a 200. Yucky. Not expected at all.
只是为了确保我并不完全疯,所以我做了以下工作,并且效果很好:
Just to make sure I'm not totally crazy, I did the following and it worked fine:
Post["/comment/{Id}"] = s =>
{
if ((Context.CurrentUser == null) ||
String.IsNullOrWhiteSpace(Context.CurrentUser.UserName))
{
return HttpStatusCode.Forbidden;
}
var req = this.Bind<CommentRequest>();
return commentRepo.AddComment(Context.CurrentUser.UserName, s.Id, req.Comment);
};
这将返回预期的403.但是谁想要将其粘贴到整个地方...而不是我.我试图弄清楚如何编写自己的在路由运行之前执行的东西,但是我是Nancy的新手.
This returns the expected 403. But who wants to paste this all over the place...not me. I'm trying to figure out how to write my own thing that executes before the route is run but I'm new to Nancy.
奇怪的是,如果我更改了:
Curiously, if I change the:
return HttpStatusCode.Forbidden;
变成
return new Response { StatusCode = HttpStatusCode.Forbidden };
然后我再次得到303和200响应.似乎有些破损.谁能给我一些见解或对我做错事情的解答?南希对我来说似乎很糟糕,特别是Response类...
Then I get the 303 and 200 responses again. Something seems broken. Can anyone give me some insight or an answer of what I'm doing wrong? Nancy seems broken to me, specifically the Response class...
推荐答案
当前,它返回HttpStatusCode.Unauthorized或似乎正确的401.我也尝试将ContentType设置为application/json,但这没有帮助.
Currently it returns HttpStatusCode.Unauthorized or a 401 which seems to be correct. I tried setting the ContentType to application/json as well and that didn't help.
当我将其更改为返回403时,它会发送回403.尽管从技术上讲,我认为这不是正确的响应,但比我之前获得的神秘303更好.
When I changed it to return a 403 it sends back a 403. Although I suppose technically this isn't the correct response, it is better then the mysterious 303 I was getting before.
这篇关于NancyFx RequiresAuthentication扩展返回303,而不是403的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
