Advice on HTTP authentication scheme (using request headers)
Question
I have a Rails app hosted on Heroku that I am restricting access to by using a proxy service. The external server acts as an intermediary for all requests and handles user authentication. Once a user has authenticated, the server (I think LDAP) adds the user name to the request header and redirects them to my app.
I would like to use the username from the request header to authenticate users in my app. Basically, if the user doesn't exist I would create a user with that username (no password required), and if not I would just log them in. I will be storing the users in my app's database.
How should I do this? Is it possible to use Devise for this purpose?
Edit: I got it working with Devise/custom Warden strategy like this:
# config/initializers/my_strategy.rb
Warden::Strategies.add(:my_strategy) do
  # Always run this strategy; the header check happens in authenticate!.
  def valid?
    true
  end

  def authenticate!
    # "my_key" is the header the proxy sets; ActionDispatch maps it to HTTP_MY_KEY.
    username = request.headers["my_key"]

    if username.blank?
      # redirect! halts the strategy and replaces any earlier fail! result,
      # so a single call is enough. "proxy_url" is a placeholder for the
      # proxy's login address.
      redirect!("proxy_url", {}, message: "You are not authorized to view this site.")
    else
      # Look the user up by the proxied username, creating it on first visit
      # (no password is stored; the proxy is the only authenticator).
      user = User.find_by_username(username)
      user = User.create(:username => username) if user.nil?
      success!(user)
    end
  end
end

# config/initializers/devise.rb (inside the Devise.setup block that this file already contains)
Devise.setup do |config|
  config.warden do |manager|
    # Run my_strategy before Devise's database_authenticatable strategy.
    manager.default_strategies(:scope => :user).unshift :my_strategy
  end
end
I need to make this as bulletproof as possible. Are there other security measures I can take to make sure someone can't spoof the request header and access my site?
Answer
I think using Devise can be a little overkill, but you can. You just need to define a Warden strategy in Devise, or use only Warden for this purpose.
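The question's remaining concern is that anyone who can reach the app directly could send their own "my_key" header. The strategy above trusts the header as-is, so the usual mitigation is to make the header unforgeable: the proxy signs the username together with a timestamp using a secret shared only with the app, and the strategy verifies that signature (and, where possible, the proxy's source address) before calling success!. The following is an added, stand-alone example written for this page, not code from the question or from Devise/Warden. It assumes the proxy can be configured to add a second header, "my_key_sig" (a constructed name), carrying "<unix time>:<hex HMAC-SHA256>", and uses plain Hashes in place of request.headers and request.remote_ip so it runs without Rails.

```ruby
require "openssl"

# Assumed arrangement (not from the original post): the proxy adds two headers,
# "my_key" with the username (the name used in the question) and "my_key_sig"
# carrying "<unix_time>:<hex HMAC-SHA256>" computed with a secret shared only
# by the proxy and this app.
PROXY_SECRET = "replace-with-a-long-random-secret-shared-with-the-proxy" # placeholder
PROXY_ADDRESSES = ["10.0.0.5"].freeze  # constructed example address of the proxy
MAX_AGE_SECONDS = 300                  # reject signatures older than five minutes
CLOCK_SKEW_SECONDS = 30                # tolerate a slightly fast proxy clock

# What the proxy side computes. Username and timestamp are bound together so
# that neither can be changed without invalidating the MAC.
def sign_identity(username, issued_at, secret = PROXY_SECRET)
  mac = OpenSSL::HMAC.hexdigest("SHA256", secret, "#{username}\n#{issued_at}")
  "#{issued_at}:#{mac}"
end

# Constant-time comparison so the expected MAC cannot be recovered byte by
# byte from response timing (same idea as Rack::Utils.secure_compare).
def secure_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  diff = 0
  a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
  diff.zero?
end

# Returns the trusted username, or nil when the request must not be trusted.
# `headers` stands in for request.headers, `remote_ip` for request.remote_ip,
# and `now` is injectable so freshness can be tested deterministically.
def verify_identity_headers(headers, remote_ip:, now: Time.now.to_i, secret: PROXY_SECRET)
  # 1. Only the proxy may talk to the app directly.
  return nil unless PROXY_ADDRESSES.include?(remote_ip)

  username = headers["my_key"]
  sig      = headers["my_key_sig"]
  return nil if username.nil? || username.empty? || sig.nil?

  issued_at_str, mac = sig.split(":", 2)
  return nil if mac.nil? || issued_at_str !~ /\A\d+\z/
  issued_at = issued_at_str.to_i

  # 2. Freshness: a captured header pair cannot be replayed indefinitely.
  return nil if now - issued_at > MAX_AGE_SECONDS
  return nil if issued_at > now + CLOCK_SKEW_SECONDS

  # 3. Integrity: the username/timestamp pair must carry a valid MAC.
  expected = OpenSSL::HMAC.hexdigest("SHA256", secret, "#{username}\n#{issued_at}")
  return nil unless secure_equal?(expected, mac)

  username
end

# Stand-alone demonstration with constructed values.
if __FILE__ == $0
  t = Time.now.to_i
  good   = { "my_key" => "alice", "my_key_sig" => sign_identity("alice", t) }
  forged = { "my_key" => "admin", "my_key_sig" => sign_identity("alice", t) }
  puts verify_identity_headers(good,   remote_ip: "10.0.0.5", now: t).inspect  # "alice"
  puts verify_identity_headers(forged, remote_ip: "10.0.0.5", now: t).inspect  # nil
end
```

In the Warden strategy from the question, authenticate! would call verify_identity_headers(request.headers, remote_ip: request.remote_ip) and redirect! when it returns nil, and only then look up or create the User. The HMAC is the control that actually stops header spoofing; the source-address check is defence in depth and is only meaningful when the app is not reachable except through the proxy (on a platform such as Heroku, where request.remote_ip is derived from X-Forwarded-For, it should not be relied on alone).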