耗费了REST Web服务与ServiceStack当用户认证 [英] User authentication when consuming a REST webservice with ServiceStack

问题描述

借助 ServiceStack 文档都充满了关于如何使用的实例的服务器端的实施用户身份验证。但是，我们如何在客户端设置的用户凭据？

The ServiceStack docs are full of examples on how to use server side implementation of authentication of a user. But how does one set the user credentials on the client side?

我用ServiceStack消耗 JSON REST 这样的服务：

I use ServiceStack to consume a JSON REST service like this:

var restClient = new JsonServiceClient (baseUri);
var response = restClient.Get<MyResponse> ("/some/service");

我如何任何形式的认证添加到请求？我想消费用途的web服务的OAuth 1.0 ，但我感兴趣的是添加自定义的认证了。

How can I add any form of authentication to the request? The webservice I want to consume uses OAuth 1.0, but I am interested in adding custom authentication, too.

在我的code，我有previously进行的OAuth令牌交换成功，所以我已经拥有一个有效的访问令牌和需要立即注册的每个REST请求使用该访问令牌及其 token_secret 。

In my code, I have previously performed OAuth token exchange successfully, so I already own a valid access token and need to sign every REST request now using this access token and its token_secret.

推荐答案

回答我自己，因为我找到了一个很好的方式做到这一点使用 LocalHttpWebRequestFilter 挂钩的 JsonServiceClient ：

Answering myself, as I've found a nice way to do it using the LocalHttpWebRequestFilter hook in the JsonServiceClient:

有关使用OAuth 1.0a的保护Web服务，每个HTTP请求必须发送一个特殊的 授权方式： 头。在该首标字段，一个散列（签名）必须发送使用请求作为输入数据的一些特性，比如主机名，请求的URL和其他的。

For securing a web service with OAuth 1.0a, every http request has to send a special Authorization: header. Within this header field, a hash (signature) must be send that uses some characteristics of the request as input data, like the hostname, request url and others.

现在看来 LocalHttpWebRequestFilter 由ServiceStack正确的HTTP请求作出之前调用，并公开底层的HttpWebRequest 对象，其中一个可以添加额外的标题和访问请求的必填字段。

Now it seems the LocalHttpWebRequestFilter is called by ServiceStack right before the http request is made, and exposes the underlying HttpWebRequest object, where one can add extra headers and access the required fields of the request.

所以我的解决方案现在已经基本：

So my solution is now basically:

var client = new JsonServiceClient (baseUri);

client.LocalHttpWebRequestFilter += (request) => {
    // compute signature using request and a previously obtained
    //  access token 
    string authorization_header = CalculateSignature (request, access_token);

    request.Headers.Add ("Authorization", authorization_header);
};
var response = client.Get<MySecuredResponse> ("/my/service");

请注意，我用的 Devdefined.OAuth 库做所有的沉重的东西在 CalculateSignature（）。请求令牌的创造，获取用户授权，并要求交换的OAuth访问令牌请求令牌ServiceStack之外完成的，上面的服务电话前。

Note that I use the Devdefined.OAuth library to do all the heavy stuff in CalculateSignature(). The creation of request token, obtaining user authorization, and exchanging the request token for access token as required by OAuth is done outside of ServiceStack, before the above service calls.

这篇关于耗费了REST Web服务与ServiceStack当用户认证的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！