Original URL: http://stackoverflow.com/questions/5288150/
Warning: these are provided under the CC BY-SA 4.0 license. You are free to use/share it, but you must attribute it to the original authors (not me): Stack Overflow
Is Digest authentication possible with jQuery?
Asked by Mitciv
I'm trying to send a request that requires HTTP Digest authentication.
Is Digest possible in jQuery?
If so, is this close to the correct way to do it? It's not currently working.
    <script type="text/javascript">
    $.ajax({
        url: url,
        type: 'GET',
        dataType: 'json',
        success: function() { alert('hello!'); },
        error: function() { alert('error')},
        beforeSend: setHeader
    });
    function setHeader(xhr){
        xhr.setRequestHeader("Authorization", "Digest username:password");
        xhr.setRequestHeader("Accept", "application/json");
    }
    </script>
Answered by Gumbo
No, the Digest Access Authentication Scheme is a little more complex as it implements a challenge-response authentication mechanism that requires the following steps:
1. client sends a request for an access-protected resource, but an acceptable Authorization header field is not sent
2. server responds with a "401 Unauthorized" status code and a WWW-Authenticate header field (the digest-challenge)
3. client sends another request for the same resource but containing an Authorization header field in response to the challenge (the digest-response)
4. if the authorization is not successful, go to step 2; otherwise the server proceeds as normal.
This means there are at least two request/response pairs.
Each WWW-Authenticate response header field has the syntax:
    challenge        = "Digest" digest-challenge
    digest-challenge = 1#( realm | [ domain ] | nonce | [ opaque ] | [ stale ] | [ algorithm ] | [ qop-options ] | [ auth-param ] )
So you need to parse the digest-challenge to get the parameters to be able to generate a digest-response for the Authorization request header field with the following syntax:
    credentials     = "Digest" digest-response
    digest-response = 1#( username | realm | nonce | digest-uri | response | [ algorithm ] | [ cnonce ] | [ opaque ] | [ message-qop ] | [ nonce-count ] | [ auth-param ] )
That section does also describe how the digest-response parameters are calculated. In particular, you will probably need an MD5 implementation as that's the most commonly used algorithm for this authentication scheme.
Here is a simple tokenization that you can start with:
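    // Regex sources are built as strings, so every regex backslash is doubled.
    var ws = '(?:(?:\\r\\n)?[ \\t])+',
        token = '(?:[\\x21\\x23-\\x27\\x2A\\x2B\\x2D\\x2E\\x30-\\x39\\x3F\\x41-\\x5A\\x5E-\\x7A\\x7C\\x7E]+)',
        // quoted-string: any character except '"' and '\', folded whitespace, or a backslash-escaped character
        quotedString = '"(?:[\\x00-\\x0B\\x0D-\\x21\\x23-\\x5B\\x5D-\\x7F]|' + ws + '|\\\\[\\x00-\\x7F])*"',
        tokenizer = RegExp(token + '(?:=(?:' + quotedString + '|' + token + '))?', 'g');
    // The challenge arrives in the WWW-Authenticate response header.
    var tokens = xhr.getResponseHeader("WWW-Authenticate").match(tokenizer);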
This will turn a WWW-Authenticate header field like:
    WWW-Authenticate: Digest
        realm="[email protected]",
        qop="auth,auth-int",
        nonce="dcd98b7102dd2f0e8b11d0f600bfb0c093",
        opaque="5ccc069c403ebaf9f0171e9517f40e41"
into:
    ['Digest', 'realm="[email protected]"', 'qop="auth,auth-int"', 'nonce="dcd98b7102dd2f0e8b11d0f600bfb0c093"', 'opaque="5ccc069c403ebaf9f0171e9517f40e41"']
Then you need to parse the parameters (check existence and validity) and extract the values. Note that quoted-string values can be folded, so you need to unfold them (see also the use of the unquote function unq in the RFC):
    function unq(quotedString) {
        // Drop the surrounding quotes, then collapse folded whitespace to a single space.
        return quotedString.slice(1, -1).replace(/(?:(?:\r\n)?[ \t])+/g, " ");
    }
With this you should be able to implement that on your own.
Answered by inorganik
It is possible with vanilla JavaScript. Try digestAuthRequest.js:
Answered by Jerome WAGNER
You should try the digestj jQuery plugin.
http://code.google.com/p/digestj/
It is a partial implementation but could be sufficient to help you get through.