每个请求的 Servicestack 身份验证过程 [英] Servicestack authentication process on each request
问题描述
我已经阅读了提供的大部分文档和示例,但我正在寻找其他用户对我的设置的一些输入.
I have been through much of the documentation and examples provided, but Im looking for some inputs for my setup from other users.
我有一些客户(网站、iOs/Android 应用程序).这些仅用作架子,其内容将通过 servicestack 请求,这使 servicestack 成为我设置的中心点.客户端将通过 servicestack 登录并获取 sessionid.
I have a some clients (website, iOs/Android apps). These only serves as a shelves and its content will be requested through servicestack, which makes servicestack a central point of my setup. The client will login through servicestack and get a sessionid.
我的问题是,我应该如何设置 servicestack 以确保用户在每个请求上都得到验证?
My question here is, how should i setup servicestack to make sure that the user is validated on each request?
登录后我在想,我将用户保存在缓存中并确保它在一段时间后过期(除非持续存在).然后在基于会话 id 的每个请求上,我检查缓存以查看用户是否存在.如果用户存在,请求我通过身份验证,如果不存在,用户必须重新登录.
I was thinking after login, i save the user in the cache and make sure this expires after some time (unless persisted). Then on each request based on the session id, i check the cache to see if the user exists. If the user exists, the request i authenticated, and if not the user have to login again.
我是否在正确的轨道上,或者在服务堆栈中是否有更简单的方法来支持这一点?
Am i on the right track here, or is there an easier way in servicestack, to support this?
推荐答案
我在考虑登录后,我将用户保存在缓存中并确保它在一段时间后过期(除非持续存在).
听起来你可以只使用 Authentication/Authorization 插件.一旦用户通过身份验证(使用任何提供者"),用户的会话就会存储在 缓存 使用密钥 'urn:iauthsession:[sessionId]' 并包含一个 bool 属性 isAuthenticated.对于任何需要身份验证的服务,您可以使用 Authenticate 属性.
It sounds like you can just use the Authentication/Authorization plugin. Once a user is authenticated (using any of the 'Providers') the user's session is stored in the cache using the key 'urn:iauthsession:[sessionId]' and contains a bool property isAuthenticated. For any Service the requires Authentication you can use the Authenticate attribute.
这篇关于每个请求的 Servicestack 身份验证过程的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!