Identity Authentication in Nancy and Nancy Authentication
In Nancy, identity authentication can be divided into basic, form, token, and stateless. Basic and form are not covered here. If the identity is saved in cookies, note the following: cookies are limited in size, so they cannot store more than 4 KB of information, and some JS plug-ins also use cookies. HTML5 seems to allow more, but still pay attention to this. This may be what happened to some people logging on to the website in the previous article: the user information was too large.
Here we are talking about token verification.
ITokenizer
This is the interface that defines the token. Tokenizer is an implementation of it. You can also implement it yourself, for example to handle expiration and encryption.
ITokenKeyStore
This is the store that holds the logged-in users' identity information on the server. The following line of code stores user information in files:
    private ITokenKeyStore keyStore = new FileSystemTokenKeyStore();
InMemoryTokenKeyStore stores user information in memory. You can save the login information in your own way, as long as you implement ITokenKeyStore.
Expiration time
These are the default expiration times:
    private Func<TimeSpan> tokenExpiration = () => TimeSpan.FromDays(1);
    private Func<TimeSpan> keyExpiration = () => TimeSpan.FromDays(7);
Identity Information
After logging on to the console, a JSON-formatted message containing the token key value is usually returned.
Token Transfer
After obtaining the token, if you save it to a cookie and then send it, that is similar to stateless. So how should it be transferred? Nancy uses a request header: add a field named Authorization to the header. This is the code in the test instance:
    header("Authorization", "Token " + token);
You can add it through jQuery's ajax call or in another way; please search for the details yourself. When you read the code above, note that you need to add the string "Token" before the token value. I just passed the token value directly.
In the TokenAuthentication.cs file, the server reads the authorization information with this line:
    var authorization = request.Headers.Authorization;
Stateless authentication, by contrast, is transmitted using Request.Query:
    var apiKey = (string) nancyContext.Request.Query.ApiKey.Value;
The apiKey is generated from a GUID, which does not seem to be complicated.
The above are the methods used in the code on the official website.
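How the pieces described above (ITokenizer, ITokenKeyStore, the expiration settings, the JSON token reply and the Authorization header) fit together, as an added example that is not from the original post or the Nancy project. It assumes Nancy 1.x with the Nancy.Authentication.Token package; DemoUser, CheckPassword and the /auth route are hypothetical names.

```csharp
// Added example; DemoUser, CheckPassword and the /auth route are hypothetical.
using System;
using System.Collections.Generic;
using Nancy;
using Nancy.Authentication.Token;
using Nancy.Authentication.Token.Storage;
using Nancy.Bootstrapper;
using Nancy.Security;
using Nancy.TinyIoc;

public class DemoUser : IUserIdentity
{
    public string UserName { get; set; }
    public IEnumerable<string> Claims { get; set; }
}

public class Bootstrapper : DefaultNancyBootstrapper
{
    protected override void ConfigureApplicationContainer(TinyIoCContainer container)
    {
        // Swap the default FileSystemTokenKeyStore for the in-memory store and
        // shorten the token lifetime; it must stay below the key lifetime.
        container.Register<ITokenizer>(new Tokenizer(cfg => cfg
            .WithKeyCache(new InMemoryTokenKeyStore())
            .TokenExpiration(() => TimeSpan.FromHours(8))
            .KeyExpiration(() => TimeSpan.FromDays(2))));
    }
    protected override void RequestStartup(TinyIoCContainer container, IPipelines pipelines, NancyContext context)
    {
        // From here on, requests are authenticated from "Authorization: Token <token>".
        TokenAuthentication.Enable(pipelines, new TokenAuthenticationConfiguration(container.Resolve<ITokenizer>()));
    }
}

public class AuthModule : NancyModule
{
    public AuthModule(ITokenizer tokenizer) : base("/auth")
    {
        Post["/"] = _ =>
        {
            var name = (string)Request.Form.UserName;
            if (!CheckPassword(name, (string)Request.Form.Password)) return HttpStatusCode.Unauthorized;
            var user = new DemoUser { UserName = name, Claims = new[] { "user" } };
            return Response.AsJson(new { Token = tokenizer.Tokenize(user, Context) });
        };
    }
    // Constructed stand-in; replace with a lookup against your credential store.
    static bool CheckPassword(string name, string password) => name == "demo" && password == "constructed-demo-password";
}
```

Because InMemoryTokenKeyStore keeps the keys in process memory, tokens issued before a restart stop validating afterwards.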