如何获得ServiceStack认证工作？ （与iPhone客户端） [英] How to get ServiceStack authentication to work? (with iPhone clients)

问题描述

我们聘请了一位承包商是谁写的一个iPhone应用程序对我们来说，和我开始为它编写与ServiceStack后端服务。

We have hired a contractor who is writing an iPhone app for us, and I'm starting to write the backend service for it with ServiceStack.

我与一般授权挣扎：用什么样的授权以及如何实现它的结果
我不知道很多关于ServiceStack，HTTP和授权（还）..我读过的this ，但我可能还是做错了什么。

I'm struggling with authorization in general: what kind of authorization to use and how to implement it.
I don't know much about ServiceStack, HTTP and authorization (yet).. I've read this, but I'm probably still doing something wrong.

我将使用用户名和密码从现有的传统数据库认证（但没有别的 - 没有新用户注册，没有不同的权限只是认证）结果
所以我需要写我自己的供应商。 。

I will use usernames and passwords from an existing legacy database to authenticate (but nothing else - no registering of new users, no different permissions. Just authenticating).
So I need to write my own provider.

我已经成功地实现了一个工作 CredentialsAuthProvider 与this教程结果
它工作时，我测试它在浏览器中：

I've managed to implement a working CredentialsAuthProvider with the help from this tutorial.
It works when I test it in the browser:

• 打电话给我的服务，并得到401


• 发布到认证/凭据


• 再次打电话给我的服务，并得到正确的结果

不过，我注意到，当我尝试在提琴手相同的工作流无法正常工作。

However, I noticed that the same workflow doesn't work when I try it in Fiddler.

POST到 AUTH /凭证的作品。我张贴此：

The POST to auth/credentials works. I POST this:

POST http://localhost:52690/auth/credentials?format=json HTTP/1.1
User-Agent: Fiddler
Host: localhost:52690
Content-Length: 74
Content-Type: application/json; charset=utf-8

{
  "UserName": "chspe",
  "Password": "xyz",
  "RememberMe": true
}

...并得到这样的：

...and get this:

HTTP/1.1 200 OK
Server: ASP.NET Development Server/10.0.0.0
Date: Fri, 14 Jun 2013 13:07:35 GMT
X-AspNet-Version: 4.0.30319
X-Powered-By: ServiceStack/3,949 Win32NT/.NET
Set-Cookie: ss-id=3YUUgfwIeJd7PedFK5Th; path=/; HttpOnly
Set-Cookie: ss-pid=zQJ5Z4Vq7AY+BpVwbttj; expires=Tue, 14-Jun-2033 13:07:35 GMT; path=/; HttpOnly
Set-Cookie: ss-opt=perm; expires=Tue, 14-Jun-2033 13:07:35 GMT; path=/; HttpOnly
Set-Cookie: X-UAId=; expires=Tue, 14-Jun-2033 13:07:35 GMT; path=/; HttpOnly
Cache-Control: private
Content-Type: application/json; charset=utf-8
Content-Length: 75
Connection: Close

{"sessionId":"zQJ5Z4Vq7AY+BpVwbttj","userName":"chspe","responseStatus":{}}

我看不错结果
但随后呼叫。我实际的服务仍然返回401：

Looks good to me.
But then the call to my actual service still returns a 401:

GET http://localhost:52690/hello/world?format=json HTTP/1.1
User-Agent: Fiddler
Host: localhost:52690
Content-Length: 0
Content-Type: application/json; charset=utf-8

响应：

Response:

HTTP/1.1 401 Unauthorized
Server: ASP.NET Development Server/10.0.0.0
Date: Fri, 14 Jun 2013 13:07:44 GMT
X-AspNet-Version: 4.0.30319
WWW-Authenticate: credentials realm="/auth/credentials"
X-Powered-By: ServiceStack/3,949 Win32NT/.NET
Cache-Control: private
Content-Length: 0
Connection: Close

（这是为HelloService 从 ServiceStack.Host.AspNet包，我刚添加的 [授权] 属性）的

(this is the HelloService from the ServiceStack.Host.AspNet package, I just added the [Authorize] attribute)

实际的请求正确的，因为同样的通话效果，当我删除 [授权] 属性。

The actual request is correct, because the very same call works when I remove the [Authorize] attribute.

我注意到 CredentialsAuthProvider 似乎与饼干的工作（有几个设置Cookie的：在第一个响应... 行）。

I noticed that the CredentialsAuthProvider seems to work with cookies (there are several Set-Cookie: ... lines in the first response).

显然，提琴手不承认饼干，我怎么知道，如果一个iPhone的（或任何其他移动设备）的会吗？

Apparently Fiddler does not recognize the cookies, how do I know if an iPhone (or any other mobile device) would?

接下来，我尝试使用基本身份验证，而不是结果
这是我的 BasicAuthProvider ：

Next, I tried to use Basic Authentication instead.
Here is my BasicAuthProvider:

public class MyBasicAuthProvider : BasicAuthProvider
{
    public override object Authenticate(IServiceBase authService, IAuthSession session, Auth request)
    {
        if (request.UserName == "MyUser")
        {
            return true;
        }
    }
}

但我难倒 - 我甚至不得到这个从浏览器中运行。

But I'm stumped - I don't even get this to work from the browser.

当我打开我的浏览器服务的URL，弹出一个窗口，询问用户名和密码。结果
我输入正确的用户名并回车，并在同一个窗口立即再次弹出。又一次，又一次...等，不管多久我进入（正确）的数据。

When I load the URL of my service in the browser, a window pops up and asks for username and password.
I enter the correct username and press Enter, and the same window pops up again immediately. And again, and again...and so on, no matter how often I enter the (correct) data.

不过，我可以看到ServiceStack实际使用我的 MyBasicAuthProvider ，因为当我设置在Visual Studio中断点，我看到它识别用户名和返回真。

However, I can see that ServiceStack actually uses my MyBasicAuthProvider, because when I set a breakpoint in Visual Studio, I see that it recognizes the username and returns True.

我需要做更多的东西来得到工作吗？基本认证用我自己的数据库？不覆盖身份验证够吗？

Do I need to do something more to get working Basic Auth with my own database? Isn't overriding Authenticate enough?

推荐答案

我会尽力回答您的问题ServiceStack结束，但我认为你需要考虑的处理通过HTTP 认证以及iPhone应用程序如何处理HTTP请求/响应。另外，我觉得此提供一些见解到ServiceStack如何处理身份验证。

I'll try to answer the ServiceStack end of your questions but I think you need to look into handling authentication over HTTP as well as how iPhone apps handle HTTP requests/response. Also, I think this provides some insight into how ServiceStack handles authentication.

是CredentialsAuthProvider即使是客户端，这不是一个浏览器的正确选择？结果
我认为你可以使用证书或基本。你需要某种类型的自定义验证的因为你的用户名/在自己的数据库密码（你也可以继承或者CredentialsAuthProvider或BasicAuthProvider并覆盖TryAuthenticate）。两者之间的区别是，你想在客户端（在这种情况下，iPhone应用程序），把用户名/密码在HTTP请求到您的服务。与证书它的身体的一部分。有了基本的它的认证头的一部分。在服务器端ServiceStack抽象你需要做的到你选择的* Provider类/代码什么。

Is the CredentialsAuthProvider even the right choice for a client that's not a browser?
I think you can use Credentials or Basic. You need some type of Custom Authentication since you have usernames/passwords in your own database (you can subclass either CredentialsAuthProvider or BasicAuthProvider and override TryAuthenticate). The difference between the two is where you would like the client (in this case the iPhone app) to put the username/password in the HTTP request to your Service. With Credentials it's part of the body. With Basic it's part of the Authorization Header. On the 'server side' ServiceStack abstracts what you need to do into the *Provider class/code you choose.

不过，我注意到，当我尝试在提琴手相同的工作流无法正常工作。结果
正确。提琴手不守住会话cookie，并在随后的请求（即如浏览器）送他们一起。您需要使用招时，手动提供给他们。

However, I noticed that the same workflow doesn't work when I try it in Fiddler.
Correct. Fiddler does not hold onto Session cookies and send them along in subsequent requests (ie. like a browser does). You would need to 'manually' supply them when using Fiddler.

第二个问题：什么我做错了结果
我不认为ServiceStack有什么，会启动弹出窗口请求验证。这听起来像一个集成Windows身份验证的问题。真的不知道，虽然。

Second question: What am I doing wrong?
I don't think ServiceStack has anything that launches a 'popup window' requesting authentication. This sounds like an 'Integrated Windows Authentication' issue. Not really sure, though.

这篇关于如何获得ServiceStack认证工作？ （与iPhone客户端）的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！