如何维护会话信息accros认证 [英] How to maintain session information accros authentication

问题描述

我使用ServiceStack认证通过一个自定义会话对象。我把一切都设置了不同的身份验证提供者和一切工作正常。

I using ServiceStack authentication with a custom session object. I've got everything set up with different authentication providers and everything is working fine.

现在一想存储在会话中的某些信息的用户进行身份验证之前（想想购物车）。但是，我们失去了信息，当用户登录后英寸纵观文档这在code是有道理的：

Now a want to store some information in the session before the user is authenticated (Think shopping cart). But we loose that information when the user logs in later. Looking at the code in the documentation this makes sense:

Plugins.Add(new AuthFeature(() => new AuthUserSession(),
  new IAuthProvider[] { 
    new BasicAuthProvider(), //Sign-in with Basic Auth
    new CredentialsAuthProvider(), //HTML Form post of UserName/Password credentials
  }));

认证删除每当。这是有道理的，当旧的登录名是有效的用户在用户登录，你想确保它完全注销现有会话。然而在当前会话没有验证似乎没有被太多的理由这样做。

The authentication removes the existing session whenever a user logs in. This makes sense when the old login is a valid user, you want to make sure it's fully logged out. However when the current session isn't authenticated there doesn't seem to be much reason to do so.

我一直在寻找一个自定义会话工厂，但是这并不能帮助我，因为作为（）=＆GT;新AuthUserSession（）显示，没有任何上下文创建新的会话时使用。如果没有办法让旧的会话有我有没有办法的信息拷贝。

I've been looking at a custom session factory, but that doesn't help me because as () => new AuthUserSession() shows, there isn't any context to use when creating the new session. Without a way to get the old session there I've got no way to copy any information.

我可以解决它通过覆盖 AuthProvider.Authenticate（）并调用基抢前所需的信息。但是，这意味着我们会利用每一个认证供应商，我们可能会在未来使用的人这样做。这并不觉得自己是正确的解决方案。

I can work around it by overriding AuthProvider.Authenticate() and grab the required information before calling base. But that means doing so in every authentication provider we use and the ones we might use in the future. That doesn't really feel like the correct solution.

有没有进行整个身份验证信息的更清洁的方式？ preferably一些东西，工作中使用的AuthProvider无关。

Is there a cleaner way to carry information across the authentication? Preferably something which works regardless of the AuthProvider used.

推荐答案

虽然<一个href=\"https://github.com/ServiceStack/ServiceStack/wiki/Sessions#using-typed-sessions-in-servicestack\"相对=nofollow>键入的会话验证后重新创建，请查看永久和临时会话ID 的本身仍然可以让你使用ServiceStack动态<同一STRONG> SessionBag 以存储有关您可以在您的服务与设置用户信息：

Whilst the Typed Sessions are re-created after authenticating, the Permanent and Temporary Session Ids themselves remain the same which lets you use ServiceStack's dynamic SessionBag to store information about a user which you can set in your Services with:

public class UnAuthInfo
{
    public string CustomInfo { get; set; }
}

public class MyServices : Service
{
    public object Any(Request request)
    {
        var unAuthInfo = SessionBag.Get<UnAuthInfo>(typeof(UnAuthInfo).Name) 
            ?? new UnAuthInfo();
        unAuthInfo.CustomInfo = request.CustomInfo;
        SessionBag.Set(typeof(UnAuthInfo).Name, unAuthInfo);
    }
}

您可以再访问动态会话袋在您的自定义AuthUserSession 会话事件与

You can then access the dynamic Session Bag in your Custom AuthUserSession Session Events with:

public class CustomUserSession : AuthUserSession
{
    [DataMember]
    public string CustomInfo { get; set; }

    public override void OnAuthenticated(IServiceBase service, IAuthSession session, 
        IAuthTokens tokens, Dictionary<string, string> authInfo)
    {
        var sessionBag = new SessionFactory(service.GetCacheClient())
            .GetOrCreateSession();
        var unAuthInfo = sessionBag.Get<UnAuthInfo>(typeof(UnAuthInfo).Name);
        if (unAuthInfo != null)
            this.CustomInfo = unAuthInfo.CustomInfo;
    }
}

新的Session API在v4.0.32 +

访问会话袋将在明年的 v4.0.32更好一点+ ServiceStack与新的 GetSessionBag（）和方便的ISession获取/设置扩展方法可以让你把上面的一样：

New Session API's in v4.0.32+

Accessing the Session bag will be a little nicer in next v4.0.32+ of ServiceStack with the new GetSessionBag() and convenience ISession Get/Set extension methods which will let you rewrite the above like:

public object Any(Request request)
{
    var unAuthInfo = SessionBag.Get<UnAuthInfo>() ?? new UnAuthInfo();
    unAuthInfo.CustomInfo = request.CustomInfo;
    SessionBag.Set(unAuthInfo);
}

//...

public override void OnAuthenticated(IServiceBase service, IAuthSession session, 
    IAuthTokens tokens, Dictionary<string, string> authInfo)
{
    var unAuthInfo = service.GetSessionBag().Get<UnAuthInfo>();
    if (unAuthInfo != null)
        this.CustomInfo = unAuthInfo.CustomInfo;
}

这篇关于如何维护会话信息accros认证的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！