ServiceStack验证属性不检查用户是否通过验证

Question

我只能在客户端进行身份验证时才能访问服务，我只能访问Authenticate属性，但因为无法验证而无法访问服务，所以无法正常工作。我将Request Authenticate属性放在请求DTO，服务的顶部和Action之前。下面是我想保护

[Authenticate] 
public class HelloService : Service 
{ 
    public const string HelloServiceCounterKey = "HelloServiceCounter"; 

    public object Any(HelloRequest request) 
    { 
      var userSession = SessionAs<AppHost.CustomUserSession>(); 
      Session.Set(HelloServiceCounterKey, Session.Get<int>(HelloServiceCounterKey) + 1); 
      var roles = string.Join(", ", userSession.Roles.ToArray()); 
      return new HelloResponse { Result = "Hello, " + request.Name + ", your role(s): " + roles }; 

    } 
} 

我有这样的服务的一些代码我APPHOST配置（Funq.Container容器）

Plugins.Add(new AuthFeature(
      () => new CustomUserSession(), 
      new[] { new CustomCredentialsAuthProvider() } 
     )); 

public class CustomUserSession : AuthUserSession 
    { 
     public string CompanyName { get; set; } 
    } 

    public class CustomCredentialsAuthProvider : CredentialsAuthProvider 
    { 
     public override bool TryAuthenticate(IServiceBase authService, string userName, string password) 
     { 
      if (!Membership.ValidateUser(userName, password)) return false; 

      var session = (CustomUserSession)authService.GetSession(false); 
      session.CompanyName = "Company from DB"; 
      session.UserAuthId = userName; 
      session.IsAuthenticated = true; 

      // add roles 
      session.Roles = new List<string>(); 
      if (session.UserAuthId == "admin") session.Roles.Add(RoleNames.Admin); 
      session.Roles.Add("User"); 

      return true; 
     } 
    } 

当访问在

var roles = string.Join(", ", userSession.Roles.ToArray()); 

行服务

obviosly返回NULL，因为尚未进行身份验证。

应该怎么做这种情况下的验证属性？

Answer 1

您需要配置身份验证提供在你应用主机配置如下：

public override void Configure(Container container) 
{ 
    Plugins.Add(new AuthFeature(() => new AuthUserSession(), new IAuthProvider[] 
       { 
       your providers here... 
       })); 

} 

编辑：

假设CustomUserSession从IAuthSession继承你可以改变

var session = (CustomUserSession)authService.GetSession(false); 

要

var session = authService.GetSession<CustomUserSession>(); 

，并就我看你是不是在认证后保存会话

尝试这样的事：

public override object Authenticate(IServiceBase authService, IAuthSession session, ServiceStack.ServiceInterface.Auth.Auth request) 
     { 

      string userName = request.UserName; 
      string password = request.Password; 

      if (!LoginMatchesSession(session, userName)) 
      { 
       authService.RemoveSession(); 
       session = authService.GetSession(); 
      } 

      if (TryAuthenticate(authService, userName, password)) 
      { 
       authService.SaveSession(session, SessionExpiry); 
       if (session.UserAuthName == null) 
        session.UserAuthName = userName; 
       OnAuthenticated(authService, session, null, null); 

       return new AuthResponse 
       { 
        UserName = userName, 
        SessionId = session.Id, 
        ReferrerUrl = RedirectUrl 
       }; 
      } 

      throw new HttpError(HttpStatusCode.BadRequest, "400", "wrong credentials"); 

     } 


    public override bool TryAuthenticate(IServiceBase authService, string userName, string password) 
     { 
      var session = authService.GetSession<CustomUserSession>(); 
      if (!Membership.ValidateUser(userName, password)) return false; 


       session.IsAuthenticated = true; 
       session.Id = authService.GetSessionId(); 
       return true; 


      } 

编辑： 还有其他缺失的部分，你需要配置一个cacheclient因为所有的会议都在高速缓存管理

尝试类似的东西：

container.Register<ICacheClient>(new MemoryCacheClient(){FlushOnDispose = false}); 

您可以使用主机配置更新代码吗？