从 ServiceStack 身份验证返回自定义身份验证响应对象 [英] Return a custom auth response object from ServiceStack authentication
问题描述
是否可以返回自定义身份验证响应?我已经有自己的自定义身份验证提供程序,它继承自 CredentialsAuthProvider.
Is it possible to return a custom auth response? I already have my own custom authentication provider that inherits from CredentialsAuthProvider.
我想在响应中返回会话到期日期,以便客户端确切知道他们的服务器会话何时到期:
I want to return the session expiry date in the response, so that the client knows exactly when their server session will expire:
{
"sessionId": "bG27SdxbRkqJqU6xv/gvBw==",
"userName": "joe.bloggs@letmein.com",
"sessionExpires": "2013-04-29T03:27:14.0000000",
"responseStatus": {}
}
我可以像这样覆盖 Authenticate 方法:
I can override the Authenticate method like so:
public override object Authenticate(IServiceBase authService, IAuthSession session, Auth request)
{
// get base response
var response = base.Authenticate(authService, session, request);
// grab the session
var customSession = authService.GetSession() as CustomUserSession;
// if response can be cast and customSession exists
if (response is AuthResponse && customSession != null)
{
// cast
var authResponse = response as AuthResponse;
// build custom response
var customAuthResponse = new CustomAuthResponse
{
ReferrerUrl = authResponse.ReferrerUrl,
SessionExpiry = customSession.SessionExpires,
SessionId = authResponse.SessionId,
ResponseStatus = authResponse.ResponseStatus,
UserName = authResponse.UserName
};
return customAuthResponse;
}
// return the standard response
return response;
}
这很好用,除非会话已经处于活动状态.在这种情况下,AuthService Post 方法会检查有效会话和 自动返回一个标准的AuthResponse,并且没有明显的方法可以覆盖它:
This works fine, except in the case where the session already is active. In that case, the AuthService Post method checks for a valid session and automatically returns a standard AuthResponse, and there is no obvious way to override it:
var alreadyAuthenticated = response == null;
response = response ?? new AuthResponse {
UserName = session.UserAuthName,
SessionId = session.Id,
ReferrerUrl = referrerUrl,
};
根据以下 Paaschpa 的想法,以下强制重新验证始终需要重新验证,但似乎让多个活动会话处于打开状态可能存在风险:
Following Paaschpa's ideas below, the following forces re-auth to always be re-authenticated, but it seems like there could be risks involved in leaving multiple active sessions open:
public override bool IsAuthorized(IAuthSession session, IOAuthTokens tokens, Auth request = null)
{
// force re-authentication. Not great, but no other obvious way to do this
if (request != null)
{
return false; // auth or re-auth calls
}
return base.IsAuthorized(session, tokens, request);
}
谁能想到更好的方法来做到这一点?我可以实现自己的 AuthenticationService,但不确定如何覆盖 AuthFeature?
Can anyone think of a better way to do this? I could implement my own AuthenticationService, but I'm not sure how I would override the AuthFeature?
推荐答案
如果我理解正确,您希望在用户根据 '/auth/credentials' 进行身份验证后返回自定义响应.由于您已经拥有自己的 CredentialsAuthProvider,我认为您可以覆盖 Authenticate 并返回您自己的响应.
If I understand correctly, you want to return a custom response after a user authenticates against '/auth/credentials'. Since you already have your own CredentialsAuthProvider I think you could just override Authenticate and return your own response.
CredentialsAuthProvider 的子类
public class MyCredentialsAuthProvider : CredentialsAuthProvider
{
public override object Authenticate(ServiceStack.ServiceInterface.IServiceBase authService, IAuthSession session, Auth request)
{
//let normal authentication happen
var authResponse = (AuthResponse)base.Authenticate(authService, session, request);
//return your own class, but take neccessary data from AuthResponse
return new
{
UserName = authResponse.UserName,
SessionId = authResponse.SessionId,
ReferrerUrl = authResponse.ReferrerUrl,
SessionExpires = DateTime.Now
};
}
}
这篇关于从 ServiceStack 身份验证返回自定义身份验证响应对象的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
