在 Ruby on Rails 中，authenticate_with_http_basic 有什么作用? [英] In Ruby on Rails, what does authenticate_with_http_basic do?

问题描述

Restful Authentication 使用authenticate_with_http_basic，但是在网上搜索可以找到很多没有描述的页面.在官方的http://api.rubyonrails.org/上也可以找到，除了再次有没有描述，没有评论，没有规范.

Restful Authentication uses authenticate_with_http_basic, but a search on the net can find many pages with no description. On the official http://api.rubyonrails.org/, it can also be found, except again there is no description, no comment, no spec.

它有什么作用?它似乎能够使用来自 HTTP 请求的 login_name 和 password，然后可以将它们与 login_name 和 encrypted_pa​​ssword> 进行比较 在 users 表中......但如果是这样，为什么甚至没有 1 行描述?

What does it do? it seems to be able to use a login_name and password from an HTTP request and then they can be compared to the login_name and encrypted_password in the users table... but is that the case, why aren't there even a 1-line description?

推荐答案

此方法允许您实现基本的 http 身份验证(弹出小对话框要求输入用户名和密码的那种).这通常是限制对开发站点或管理区域的访问的好方法.例如:

This method allows you to implement basic http authentication (the kind where a little dialog box pops up asking for a username and password). It's generally a great way to limit access to a development site or admin area. For example:

class AdminController < ApplicationController
  before_filter :authenticate

  def authenticate
    authenticate_or_request_with_http_basic('Administration') do |username, password|
      username == 'admin' && password == 'password'
    end
  end
end

这个函数要么请求基本的http认证用户名和密码，要么在输入后，它会实际检查认证是否正确.换句话说，这个函数要么调用 authenticate_with_http_basic 要么调用 request_http_basic_authentication.您可以在此处阅读更多相关信息并查看更多示例.您通常会调用authenticate_or_request_with_http_basic 而不是调用authenticate_with_http_basic 或request_http_basic_authentication，因为前一个函数将适用于后一个函数.

This function will either make a request for the basic http authentication username and password, or after it has been entered, it will actually check if the authentication was correct. In other words this function will either call authenticate_with_http_basic or it will call request_http_basic_authentication. You can read more about it and see more examples here. You'll generally call authenticate_or_request_with_http_basic instead of calling authenticate_with_http_basic or request_http_basic_authentication, since the former function will all the appropriate of the latter functions.

P.S:authenticate_with_http_basic 不使用 POST 变量，它使用标头信息来获取用户名和密码(request.env['HTTP_AUTHORIZATION']).您可以在此处查看有关授权功能的更多信息.

P.S: authenticate_with_http_basic does not use POST variables, it uses header information to get the username and password (request.env['HTTP_AUTHORIZATION']). You can view more information about the authorization function here.

这篇关于在 Ruby on Rails 中，authenticate_with_http_basic 有什么作用?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！