只有某些网址的SSL客户端证书身份验证？ [英] SSL client cert authentication for only some URLs?

问题描述

如果我使用SSL客户端证书验证我的客户，这是一个必然站点范围内的过滤器，或者我要求或不能​​在应用程序中需要每个URL验证？所以我想

If I authenticate my clients using SSL client certs, is that necessarily a site-wide filter, or can I either require or not require authentication per-URL from within an application? So I'd like

https://mysite.com/my_url 不关心客户是谁，只是用正常HTTPS
https://mysite.com/my_sensitive_url 要求客户端使用一个有效的客户端证书

https://mysite.com/my_url doesn't care who the client is, just uses 'normal' https https://mysite.com/my_sensitive_url requires that the client is using a valid client cert

我在工作的Ruby on Rails的，但我感兴趣的是SSL客户端证书认证是否是这个足够灵活的一般问题。我可以想象，与不同的URL不同的设置手写的apache的conf也许可以这样做，但我真的更愿意在应用程序级别定义这种事情。

I'm working in Ruby on Rails, but I'm interested in the general question of whether SSL client cert authentication is flexible enough for this. I can imagine that a hand-written apache conf with different settings for different URLs could probably do it, but I'd really much rather define this kind of thing at the application level.

推荐答案

您会（一）设置的服务器做通过SSL证书认证; （二）设置服务器为希望，而不是需要SSL客户端身份验证，然后（c）定义的访问规则的具体网址或要求用户模式来进行登录，而不是为别人。

You would (a) set the server to do authentication via SSL certificates; (b) set the server to to 'want' rather than 'need' SSL client authentication, and then (c) define access rules for the specific URLs or patterns that required the user to be logged in, and not for the others.

这篇关于只有某些网址的SSL客户端证书身份验证？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！