ServiceStack:从Javascript访问会话信息 [英] ServiceStack: Access Session info from Javascript

问题描述

我正在使用ServiceStack和AngularJs创建SPA.当用户登录时，我在OnAuthenticated方法中设置了一些变量:

I'm creating a SPA using ServiceStack and AngularJs. When a user logs in I set some variables in the OnAuthenticated method:

    public override void OnAuthenticated(IServiceBase authService, IAuthSession session, IOAuthTokens tokens, Dictionary<string, string> authInfo)
    {
        var sessionUser = session.TranslateTo<AppUserSession>();
        var user = _userRepo.LoadUser(session.UserAuthName);

        var userSettings = ConfigurationSettings.Load(user);

        var customers = _customerRepo.ToList();
        sessionUser.UserName = user.UserName;
        sessionUser.DisplayName = user.DisplayName;
        sessionUser.CustomerCount = customers.Count;
        sessionUser.CustomerRecordId = customers.First().RecordID;
        sessionUser.RefreshRate = userSettings.RefreshRate;

        authService.SaveSession(sessionUser, SessionExpiry);
    }

所以我的问题是，然后我该如何使用Javascript访问此信息?我需要创建一个公开这些服务的服务，还是在HTTP标头中返回它?

So my question is, how can I then access this information in Javascript? Do I need to create a Service which exposes them or is it returned in a HTTP header?

推荐答案

我是否需要创建一个公开它们的服务，或者它是否在HTTP标头中返回?

Do I need to create a Service which exposes them or is it returned in a HTTP header?

默认情况下，ServiceStack不会以任何方式公开添加到会话中的自定义参数.

The custom parameters you add to the session are not exposed in any way by ServiceStack, by default.

您可以在登录响应中返回此信息，作为成功响应的一部分.

You can return this information in the response from your login, as part of a successful response.

目前，ServiceStack CredentialsAuthProvider的默认响应为:

At the moment the default response from ServiceStack's CredentialsAuthProvider is:

return new AuthResponse {
    UserName = userName,
    SessionId = session.Id,
    ReferrerUrl = referrerUrl
};

您可以通过覆盖Authenticate方法在自定义身份验证提供程序中自定义此内容.

You can customise this in your custom authentication provider, by overriding the Authenticate method.

此方法中的大多数代码都是从原始的CredentialsAuthProvider身份验证方法(在此)，然后进行调整以使用您的自定义会话类型(AppUserSession)并填充一个自定义响应.

Most of the code in this method is copied from the original CredentialsAuthProvider authenticate method (here) and then adapted to use your custom session type (AppUserSession) and populate a custom response.

public override object Authenticate(IServiceBase authService, IAuthSession session, Auth request)
{
    var userName = request.UserName;
    var password = request.Password;

    if (!LoginMatchesSession(session, userName))
    {
        authService.RemoveSession();
        session = authService.GetSession();
    }

    if (TryAuthenticate(authService, userName, password))
    {
        session.IsAuthenticated = true;

        if (session.UserAuthName == null)
        {
            session.UserAuthName = userName;
        }

        OnAuthenticated(authService, session, null, null);

        var sessionUser = authService.GetSession() as AppUserSession;

        // Return your Authentication Response DTO here
        return new {
            UserName = userName,
            SessionId = session.Id,
            DisplayName = sessionUser.DisplayName,
            CustomerCount = sessionUser.CustomerCount,
            ...
        };
    }

    throw HttpError.Unauthorized("Invalid UserName or Password");
}

使用服务公开:

您可以通过编写自定义服务来暴露它们，该服务将返回此附加信息，但是成功登录后又需要另一个请求，这将给用户增加更多的延迟和数据开销.

Expose using a Service:

You could expose them by writing a custom service that would return this additional information, but that then requires another request after successfully logging in, and that would add more delay for the user, and data overhead.

[Route("/SessionInfo", "GET")]
public class GetSessionInfoRequest : IReturn<SessionInfo>

public class SessionInfo
{
    public string Username { get; set; }
    public string DisplayName { get; set; }
    public int CustomerCount { get; set; }
    ...
}

[Authenticate]
public class SessionInfoService : Service
{
    public SessionInfo Get(GetSessionInfoRequest request)
    {
        var sessionUser = SessionAs<AppUserSession>();
        return new SessionInfo {
            UserName = sessionUser.UserName,
            DisplayName = sessionUser.DisplayName,
            CustomerCount = sessionUser.CustomerCount,
            ...
        };
    }
}

作为服务公开的唯一真正好处是，您以后可以调用它，而不必重新进行身份验证即可获得较新的数据值(如果数据已更改).

The only real benefit of exposing as a service, is you would be able to call it later, and get fresher values of the data (if it has changed) without having to re-authenticate.

希望有帮助.

这篇关于ServiceStack:从Javascript访问会话信息的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！