ServiceStack驗證屬性不檢查用戶是否通過驗證

Question

我只能在客戶端進行身份驗證時才能訪問服務，我只能訪問Authenticate屬性，但因爲無法驗證而無法訪問服務，所以無法正常工作。我將Request Authenticate屬性放在請求DTO，服務的頂部和Action之前。下面是我想保護

[Authenticate] 
public class HelloService : Service 
{ 
    public const string HelloServiceCounterKey = "HelloServiceCounter"; 

    public object Any(HelloRequest request) 
    { 
      var userSession = SessionAs<AppHost.CustomUserSession>(); 
      Session.Set(HelloServiceCounterKey, Session.Get<int>(HelloServiceCounterKey) + 1); 
      var roles = string.Join(", ", userSession.Roles.ToArray()); 
      return new HelloResponse { Result = "Hello, " + request.Name + ", your role(s): " + roles }; 

    } 
} 

我有這樣的服務的一些代碼我APPHOST配置（Funq.Container容器）

Plugins.Add(new AuthFeature(
      () => new CustomUserSession(), 
      new[] { new CustomCredentialsAuthProvider() } 
     )); 

public class CustomUserSession : AuthUserSession 
    { 
     public string CompanyName { get; set; } 
    } 

    public class CustomCredentialsAuthProvider : CredentialsAuthProvider 
    { 
     public override bool TryAuthenticate(IServiceBase authService, string userName, string password) 
     { 
      if (!Membership.ValidateUser(userName, password)) return false; 

      var session = (CustomUserSession)authService.GetSession(false); 
      session.CompanyName = "Company from DB"; 
      session.UserAuthId = userName; 
      session.IsAuthenticated = true; 

      // add roles 
      session.Roles = new List<string>(); 
      if (session.UserAuthId == "admin") session.Roles.Add(RoleNames.Admin); 
      session.Roles.Add("User"); 

      return true; 
     } 
    } 

當訪問在

var roles = string.Join(", ", userSession.Roles.ToArray()); 

行服務

obviosly返回NULL，因爲尚未進行身份驗證。

應該怎麼做這種情況下的驗證屬性？

Answer 1

您需要配置身份驗證提供在你應用主機配置如下：

public override void Configure(Container container) 
{ 
    Plugins.Add(new AuthFeature(() => new AuthUserSession(), new IAuthProvider[] 
       { 
       your providers here... 
       })); 

} 

編輯：

假設CustomUserSession從IAuthSession繼承你可以改變

var session = (CustomUserSession)authService.GetSession(false); 

要

var session = authService.GetSession<CustomUserSession>(); 

，並就我看你是不是在認證後保存會話

嘗試這樣的事：

public override object Authenticate(IServiceBase authService, IAuthSession session, ServiceStack.ServiceInterface.Auth.Auth request) 
     { 

      string userName = request.UserName; 
      string password = request.Password; 

      if (!LoginMatchesSession(session, userName)) 
      { 
       authService.RemoveSession(); 
       session = authService.GetSession(); 
      } 

      if (TryAuthenticate(authService, userName, password)) 
      { 
       authService.SaveSession(session, SessionExpiry); 
       if (session.UserAuthName == null) 
        session.UserAuthName = userName; 
       OnAuthenticated(authService, session, null, null); 

       return new AuthResponse 
       { 
        UserName = userName, 
        SessionId = session.Id, 
        ReferrerUrl = RedirectUrl 
       }; 
      } 

      throw new HttpError(HttpStatusCode.BadRequest, "400", "wrong credentials"); 

     } 


    public override bool TryAuthenticate(IServiceBase authService, string userName, string password) 
     { 
      var session = authService.GetSession<CustomUserSession>(); 
      if (!Membership.ValidateUser(userName, password)) return false; 


       session.IsAuthenticated = true; 
       session.Id = authService.GetSessionId(); 
       return true; 


      } 

編輯： 還有其他缺失的部分，你需要配置一個cacheclient因爲所有的會議都在高速緩存管理

嘗試類似的東西：

container.Register<ICacheClient>(new MemoryCacheClient(){FlushOnDispose = false}); 

您可以使用主機配置更新代碼嗎？