cUrls的选项“-u” [英] cUrls's option "-u"
问题描述
来自cUrl docs:
From cUrl docs:
-u, --user <user:password;options>
Specify the user name, password and optional login options to use for server authentication. Overrides -n, --netrc and --netrc-optional.
它转换成什么,意味着如何在服务器上捕获它来验证用户:它们在GET或POST参数中?
What it gets translated to, meaning how do I catch it on the server to authenticate the user: are they in GET or in POST parameters?
语言不重要,这个想法很重要。
The language is not important, the idea is important.
推荐答案
这取决于身份验证方法但对于最常见的 - 基本验证和 Digest Auth ,这适用于临时 HTTP标头。以下是Basic Auth的示例:
It all depends on the authentication method but for the most common ones - Basic Auth and Digest Auth, this works with ad hoc HTTP headers. Here's an example with Basic Auth:
curl -u john:pwd http://foo.com/misc
这会执行一个带有相应标题的GET请求:
This performs a GET request with the corresponding header:
GET /misc HTTP/1.1
Authorization: Basic am9objpwd2Q=
User-Agent: curl/7.33.0
Host: foo.com
Accept: */*
授权
包含服务器应解析的认证数据,base64解码[1]并使用。相同的标头将使用POST请求设置。您可以使用像 httpbin(1)这样的服务轻松测试它(请参阅 / basic-auth /:user /:passwd
endpoint)。
The Authorization
header contains the authentication data the server is supposed to parse, base64 decode[1] and use. The same header would be set with a POST request. You can easily test it out with a service like httpbin(1) (see /basic-auth/:user/:passwd
endpoint).
Digest auth有点复杂,但也可以使用HTTP标头:
Digest auth is a bit more complex but works with HTTP headers too:
- 客户端首先发送其请求,服务器回复
401未授权
,包括WWW-Authenticate
标题,以解决问题, - 客户端解决质询并发送另一个请求,其中包括
- the client first send its request, the server replies with a
401 Unauthorized
including aWWW-Authenticate
header with a challenge to solve, - the client solves the challenge and send another request with the response included into a
Authorization
header which has to be parsed and validated on the server-side.
[1]: base64(john:pwd)
- > am9objpwd2Q =
[1]: base64("john:pwd")
-> am9objpwd2Q=
这篇关于cUrls的选项“-u”的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!