IIS 8 上的自定义身份验证服务堆栈服务 运行 return 404 用于未经过身份验证的方法
Custom Authentication Servicestack services running on IIS 8 return 404 for non authenticated methods
我是 运行 我的 ServiceStack 服务 Web 项目(一个非 MVC 项目)在 IIS 8 上,集成管道(框架 4.5)。
现在如果我的服务还没有验证它returns 404。如果它被验证它运行正常。
我本以为会出现 401。我还使用 IIS Express 对其进行了测试,并返回了相同的代码。
Request/Response DTO:
[Route("/common/init/{token}/{timestamp}")]
public class InitRequest
{
public string Token { get; set; }
public string TimeStamp { get; set; } //This also prevents an unwanted IE request caching
}
public class InitResponse
{
}
服务:
public class CommonService : Service
{
[Authenticate]
public object Get(InitRequest request)
{
...
}
}
Web.config:
<system.web>
<compilation debug="true" targetFramework="4.5" />
<httpRuntime targetFramework="4.5" />
</system.web>
<system.webServer>
<modules runAllManagedModulesForAllRequests="true"/>
<validation validateIntegratedModeConfiguration="false" />
<handlers>
<add path="*" name="ServiceStack.Factory" type="ServiceStack.HttpHandlerFactory, ServiceStack" verb="*" preCondition="integratedMode" resourceType="Unspecified" allowPathInfo="true" />
</handlers>
</system.webServer>
顺便说一句,我使用的是自定义身份验证,代码:
public class CustomAuthProvider : AuthProvider
{
public CustomAuthProvider()
{
this.Provider = "Custom AuthProvider";
}
public override bool IsAuthorized(IAuthSession session, IAuthTokens tokens, Authenticate request = null)
{
return session.IsAuthenticated;
}
public override object Authenticate(IServiceBase authService, IAuthSession session, Authenticate request)
{
throw new NotImplementedException();
}
}
请求Header:
GET /GlonecoServices/login? redirect=http%3a%2f%2flocalhost%2fGlonecoServices%2fcommon%2finit%2fsometoken%2f123456789 HTTP/1.1
User-Agent: Fiddler
Host: localhost
回复Header:
HTTP/1.1 404 Not Found
Cache-Control: private
Content-Type: text/plain; charset=utf-8
Vary: Accept
Server: Microsoft-IIS/8.5
X-Powered-By: ServiceStack/4,035 Win32NT/.NET
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Date: Wed, 14 Jan 2015 18:22:20 GMT
Content-Length: 328
对于 HTML Clients/User 代理(即 Web 浏览器),默认情况下,ServiceStack 会自动将试图访问 [Authenticate] 受保护服务的未经身份验证的用户重定向到 /login 页面。
注册 AuthFeature 插件时可以更改 /login 页面约定,即:
Plugins.Add(new AuthFeature(...) {
HtmlRedirect = "/customlogin"
});
我是 运行 我的 ServiceStack 服务 Web 项目(一个非 MVC 项目)在 IIS 8 上,集成管道(框架 4.5)。
现在如果我的服务还没有验证它returns 404。如果它被验证它运行正常。 我本以为会出现 401。我还使用 IIS Express 对其进行了测试,并返回了相同的代码。
Request/Response DTO:
[Route("/common/init/{token}/{timestamp}")]
public class InitRequest
{
public string Token { get; set; }
public string TimeStamp { get; set; } //This also prevents an unwanted IE request caching
}
public class InitResponse
{
}
服务:
public class CommonService : Service
{
[Authenticate]
public object Get(InitRequest request)
{
...
}
}
Web.config:
<system.web>
<compilation debug="true" targetFramework="4.5" />
<httpRuntime targetFramework="4.5" />
</system.web>
<system.webServer>
<modules runAllManagedModulesForAllRequests="true"/>
<validation validateIntegratedModeConfiguration="false" />
<handlers>
<add path="*" name="ServiceStack.Factory" type="ServiceStack.HttpHandlerFactory, ServiceStack" verb="*" preCondition="integratedMode" resourceType="Unspecified" allowPathInfo="true" />
</handlers>
</system.webServer>
顺便说一句,我使用的是自定义身份验证,代码:
public class CustomAuthProvider : AuthProvider
{
public CustomAuthProvider()
{
this.Provider = "Custom AuthProvider";
}
public override bool IsAuthorized(IAuthSession session, IAuthTokens tokens, Authenticate request = null)
{
return session.IsAuthenticated;
}
public override object Authenticate(IServiceBase authService, IAuthSession session, Authenticate request)
{
throw new NotImplementedException();
}
}
请求Header:
GET /GlonecoServices/login? redirect=http%3a%2f%2flocalhost%2fGlonecoServices%2fcommon%2finit%2fsometoken%2f123456789 HTTP/1.1
User-Agent: Fiddler
Host: localhost
回复Header:
HTTP/1.1 404 Not Found
Cache-Control: private
Content-Type: text/plain; charset=utf-8
Vary: Accept
Server: Microsoft-IIS/8.5
X-Powered-By: ServiceStack/4,035 Win32NT/.NET
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Date: Wed, 14 Jan 2015 18:22:20 GMT
Content-Length: 328
对于 HTML Clients/User 代理(即 Web 浏览器),默认情况下,ServiceStack 会自动将试图访问 [Authenticate] 受保护服务的未经身份验证的用户重定向到 /login 页面。
注册 AuthFeature 插件时可以更改 /login 页面约定,即:
Plugins.Add(new AuthFeature(...) {
HtmlRedirect = "/customlogin"
});