苗条的基本身份验证 [英] Slim Basic Authentication

问题描述

大家好！

我在这里有一个使用 slim-basic-auth 的苗条代码.当我进入受限制的目录时，将显示:

I have a working slim code here with slim-basic-auth and when I go to a restricted directory, this shows up:

一切正常，但是我想做的是将其重定向到我的登录页面，而不是显示弹出式登录框.这是我的登录页面:

Everything works, but what I wanted to do is to redirect it to my login page instead of showing a popup login box. Here is my login page:

我的苗条代码:

$pdo = new \PDO("mysql:host=localhost;dbname=databasename", "username");
$app->add(new \Slim\Middleware\HttpBasicAuthentication([
    "path" => "/main",
    "realm" => "Protected",
    "authenticator" => new PdoAuthenticator([
        "pdo" => $pdo,
        "table" => "accounts",
        "user" => "accountUsername",
        "hash" => "accountPassword"
    ]),
    "callback" => function ($request, $response, $arguments) use ($app) {
        return $response->withRedirect('/main/contacts');
    }

当我尝试使用弹出式登录框登录时，它可以工作，但是我真的想将其重定向到我的登录页面，而不是重定向到我的登录页面.

When I try to login using the popup login box, it works but I really want to redirect it to my login page instead of that.

任何帮助将不胜感激.

推荐答案

中间件实现 HTTP基本访问身份验证.身份验证对话框是通过响应标头触发的.由浏览器供应商决定如何请求凭据.大多数浏览器都使用您所描述的弹出式登录对话框.

The middleware implements HTTP Basic Access Authentication. Authentication dialog is triggered via response header. It is up to the browser vendor to decide how credentials are asked. Most browsers use the popup login dialog you described.

您要尝试的是使用HTTP基本身份验证的一些非常规方法.但是，您可以通过从响应中删除WWW-Authenticate标头来禁止登录对话框.请注意，您至少需要 2.0.2 版本. >

What you are trying to do is a bit unorthodox way of using HTTP Basic Authentication. However you can suppress the login dialog by removing the WWW-Authenticate header from the response. Note the you need at least version 2.0.2 for this to work.

$app->add(new \Slim\Middleware\HttpBasicAuthentication([
    "path" => ["/main"],
    "authenticator" => new PdoAuthenticator([
        "pdo" => $pdo,
        "table" => "accounts",
        "user" => "accountUsername",
        "hash" => "accountPassword"
    ]),
    "error" => function ($request, $response, $arguments) {
        return $response
            ->withRedirect("/auth/login")
            ->withoutHeader("WWW-Authenticate");
    }
]));

但是，使用上面的代码，您仍然必须以某种方式设置Authentication: Basic请求标头.一种方法是使用AJAX请求.

However with code above you still have to set the Authentication: Basic request header somehow. One way to do is using an AJAX request.

$.ajax({
   url: "http://example.com/auth/login",
   username: $("username").val(),
   password: $("password").val(),
   success: function(result) {
     alert("Authorization header should now be set...");
   }
});

这篇关于苗条的基本身份验证的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！