HTTP基本认证
在HTTP中,HTTP基本认证(Basic Authentication)是一种允许网页浏览器或其他客户端程序以(用户名:口令) 请求资源的身份验证方式,不要求cookie,session identifier、login page等标记或载体。
- 所有浏览器据支持HTTP基本认证方式
- 基本身证原理不保证传输凭证的安全性,仅被based64编码,并没有encrypted或者hashed,一般部署在客户端和服务端互信的网络,在公网中应用BA认证通常与https结合
https://en.wikipedia.org/wiki/Basic_access_authentication
BA标准协议
BA认证协议的实施主要依靠约定的请求头/响应头,典型的浏览器和服务器的BA认证流程:
① 浏览器请求应用了BA协议的网站,服务端响应一个401认证失败响应码,并写入WWW-Authenticate响应头,指示服务端支持BA协议
HTTP/1.1 401 Unauthorized
WWW-Authenticate: Basic realm="our site" # WWW-Authenticate响应头包含一个realm域属性,指明HTTP基本认证的是这个资源集
或客户端在第一次请求时发送正确Authorization标头,从而避免被质询
② 客户端based64(用户名:口令),作为Authorization标头值 重新发送请求。
Authorization: Basic userid:password
所以在HTTP基本认证中认证范围与 realm有关(具体由服务端定义)
> 一般浏览器客户端对于www-Authenticate质询结果,会弹出口令输入窗.
BA编程实践
aspnetcore网站利用FileServerMiddleware 将路径映射到某文件资源, 现对该 文件资源访问路径应用 Http BA协议。
ASP.NET Core服务端实现BA认证:
① 实现服务端基本认证的认证过程、质询逻辑
②实现基本身份认证交互中间件BasicAuthenticationMiddleware ,要求对HttpContext使用 BA.Scheme
③ASP.NET Core 添加认证计划 , 为文件资源访问路径启用 BA中间件,注意使用UseWhen插入中间件
using System;
using System.Net.Http.Headers;
using System.Security.Claims;
using System.Text;
using System.Text.Encodings.Web;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication;
using Microsoft.Extensions.Logging;
using Microsoft.Extensions.Options;
namespace EqidManager.Services
{
public static class BasicAuthenticationScheme
{
public const string DefaultScheme = "Basic";
}
public class BasicAuthenticationOption:AuthenticationSchemeOptions
{
public string Realm { get; set; }
public string UserName { get; set; }
public string UserPwd { get; set; }
}
public class BasicAuthenticationHandler : AuthenticationHandler<BasicAuthenticationOption>
{
private readonly BasicAuthenticationOption authOptions;
public BasicAuthenticationHandler(
IOptionsMonitor<BasicAuthenticationOption> options,
ILoggerFactory logger,
UrlEncoder encoder,
ISystemClock clock)
: base(options, logger, encoder, clock)
{
authOptions = options.CurrentValue;
}
/// <summary>
/// 认证
/// </summary>
/// <returns></returns>
protected override async Task<AuthenticateResult> HandleAuthenticateAsync()
{
if (!Request.Headers.ContainsKey("Authorization"))
return AuthenticateResult.Fail("Missing Authorization Header");
string username, password;
try
{
var authHeader = AuthenticationHeaderValue.Parse(Request.Headers["Authorization"]);
var credentialBytes = Convert.FromBase64String(authHeader.Parameter);
var credentials = Encoding.UTF8.GetString(credentialBytes).Split(':');
username = credentials[0];
password = credentials[1];
var isValidUser= IsAuthorized(username,password);
if(isValidUser== false)
{
return AuthenticateResult.Fail("Invalid username or password");
}
}
catch
{
return AuthenticateResult.Fail("Invalid Authorization Header");
}
var claims = new[] {
new Claim(ClaimTypes.NameIdentifier,username),
new Claim(ClaimTypes.Name,username),
};
var identity = new ClaimsIdentity(claims, Scheme.Name);
var principal = new ClaimsPrincipal(identity);
var ticket = new AuthenticationTicket(principal, Scheme.Name);
return await Task.FromResult(AuthenticateResult.Success(ticket));
}
/// <summary>
/// 质询
/// </summary>
/// <param name="properties"></param>
/// <returns></returns>
protected override async Task HandleChallengeAsync(AuthenticationProperties properties)
{
Response.Headers["WWW-Authenticate"] = $"Basic realm=\"{Options.Realm}\"";
await base.HandleChallengeAsync(properties);
}
/// <summary>
/// 认证失败
/// </summary>
/// <param name="properties"></param>
/// <returns></returns>
protected override async Task HandleForbiddenAsync(AuthenticationProperties properties)
{
await base.HandleForbiddenAsync(properties);
}
private bool IsAuthorized(string username, string password)
{
return username.Equals(authOptions.UserName, StringComparison.InvariantCultureIgnoreCase)
&& password.Equals(authOptions.UserPwd);
}
}
}
// HTTP基本认证Middleware public static class BasicAuthentication
{
public static void UseBasicAuthentication(this IApplicationBuilder app)
{
app.UseMiddleware<BasicAuthenticationMiddleware>();
}
}
public class BasicAuthenticationMiddleware
{
private readonly RequestDelegate _next;
private readonly ILogger _logger;
public BasicAuthenticationMiddleware(RequestDelegate next, ILoggerFactory LoggerFactory)
{
_next = next; _logger = LoggerFactory.CreateLogger<BasicAuthenticationMiddleware>();
}
public async Task Invoke(HttpContext httpContext, IAuthenticationService authenticationService)
{
var authenticated = await authenticationService.AuthenticateAsync(httpContext, BasicAuthenticationScheme.DefaultScheme);
_logger.LogInformation("Access Status:" + authenticated.Succeeded);
if (!authenticated.Succeeded)
{
await authenticationService.ChallengeAsync(httpContext, BasicAuthenticationScheme.DefaultScheme, new AuthenticationProperties { });
return;
}
await _next(httpContext);
}
}
// HTTP基本认证Middleware public static class BasicAuthentication
{
public static void UseBasicAuthentication(this IApplicationBuilder app)
{
app.UseMiddleware<BasicAuthenticationMiddleware>();
}
}
public class BasicAuthenticationMiddleware
{
private readonly RequestDelegate _next;
private readonly ILogger _logger;
public BasicAuthenticationMiddleware(RequestDelegate next, ILoggerFactory LoggerFactory)
{
_next = next; _logger = LoggerFactory.CreateLogger<BasicAuthenticationMiddleware>();
}
public async Task Invoke(HttpContext httpContext, IAuthenticationService authenticationService)
{
var authenticated = await authenticationService.AuthenticateAsync(httpContext, BasicAuthenticationScheme.DefaultScheme);
_logger.LogInformation("Access Status:" + authenticated.Succeeded);
if (!authenticated.Succeeded)
{
await authenticationService.ChallengeAsync(httpContext, BasicAuthenticationScheme.DefaultScheme, new AuthenticationProperties { });
return;
}
await _next(httpContext);
}
}
Startup.cs 文件添加并启用HTTP基本认证
services.AddAuthentication(BasicAuthenticationScheme.DefaultScheme)
.AddScheme<BasicAuthenticationOption, BasicAuthenticationHandler>(BasicAuthenticationScheme.DefaultScheme,null);
app.UseWhen(
predicate:x => x.Request.Path.StartsWithSegments(new PathString(_protectedResourceOption.Path)),
configuration:appBuilder => { appBuilder.UseBasicAuthentication(); }
);
以上BA认证的服务端已经完成,现在可以在浏览器测试:
进一步思考?
浏览器在BA协议中行为: 编程实现BA客户端,要的同学可以直接拿去
/// <summary>
/// BA认证请求Handler
/// </summary>
public class BasicAuthenticationClientHandler : HttpClientHandler
{
public static string BAHeaderNames = "authorization";
private RemoteBasicAuth _remoteAccount;
public BasicAuthenticationClientHandler(RemoteBasicAuth remoteAccount)
{
_remoteAccount = remoteAccount;
AllowAutoRedirect = false;
UseCookies = true;
}
protected override Task<HttpResponseMessage> SendAsync(HttpRequestMessage request, CancellationToken cancellationToken)
{
var authorization = $"{_remoteAccount.UserName}:{_remoteAccount.Password}";
var authorizationBased64 = "Basic " + Convert.ToBase64String(new ASCIIEncoding().GetBytes(authorization));
request.Headers.Remove(BAHeaderNames);
request.Headers.Add(BAHeaderNames, authorizationBased64);
return base.SendAsync(request, cancellationToken);
}
}
// 生成basic Authentication请求
services.AddHttpClient("eqid-ba-request", x =>
x.BaseAddress = new Uri(_proxyOption.Scheme +"://"+ _proxyOption.Host+":"+_proxyOption.Port ) )
.ConfigurePrimaryHttpMessageHandler(y => new BasicAuthenticationClientHandler(_remoteAccount){} )
.SetHandlerLifetime(TimeSpan.FromMinutes(2));
仿BA认证协议中的浏览器行为
That's All . BA认证是随处可见的基础认证协议,本文期待以最清晰的方式帮助你理解协议:
实现了基本认证协议服务端,客户端;
华山资源网 Design By www.eoogi.com
广告合作:本站广告合作请联系QQ:858582 申请时备注:广告合作(否则不回)
免责声明:本站资源来自互联网收集,仅供用于学习和交流,请遵循相关法律法规,本站一切资源不代表本站立场,如有侵权、后门、不妥请联系本站删除!
免责声明:本站资源来自互联网收集,仅供用于学习和交流,请遵循相关法律法规,本站一切资源不代表本站立场,如有侵权、后门、不妥请联系本站删除!
华山资源网 Design By www.eoogi.com
暂无评论...
P70系列延期,华为新旗舰将在下月发布
3月20日消息,近期博主@数码闲聊站 透露,原定三月份发布的华为新旗舰P70系列延期发布,预计4月份上市。
而博主@定焦数码 爆料,华为的P70系列在定位上已经超过了Mate60,成为了重要的旗舰系列之一。它肩负着重返影像领域顶尖的使命。那么这次P70会带来哪些令人惊艳的创新呢?
根据目前爆料的消息来看,华为P70系列将推出三个版本,其中P70和P70 Pro采用了三角形的摄像头模组设计,而P70 Art则采用了与上一代P60 Art相似的不规则形状设计。这样的外观是否好看见仁见智,但辨识度绝对拉满。
更新日志
2024年11月14日
2024年11月14日
- 魔兽世界wlk暗牧一键输出宏是什么 wlk暗牧一键输出宏介绍
- 群星.1996-红不让台语原唱2辑【福和唱片】【WAV+CUE】
- 郭书瑶.2009-爱的抱抱(EP)【种子音乐】【FLAC分轨】
- 郑瑞芬.1989-BE.MY.BABY【现代】【WAV+CUE】
- 花钱请人每周放30万只不咬人的蚊子 防治登革热传播
- 饭制《第一后裔》丧尸版弗蕾娜
- 贝克汉姆亲临!2024FC品类游戏嘉年华圆满落幕
- 「命轨爻错之翼」风之翼发放说明
- 《原神》前瞻特别节目回顾长图
- 米游币抽抽乐-原神专场现已开启!
- 黑鸭子2001《风情中国HQCD》[日本版][WAV+CUE]
- 陈杰洲1990-成人礼[滚石][WAV+CUE]
- MarkAanderud-HandsFree(2024)[24-44,1]FLAC
- 孙露《观心》1:1母盘直刻限量版[低速原抓WAV+CUE][361M]
- 钟志刚《汽车DJ玩主》[低速原抓WAV+CUE][1G]