Is Digest authentication possible with jQuery?

Posted on 2024-10-21 08:47:20

I'm trying to send a request that requires HTTP Digest authentication.

Is Digest possible in jQuery?

If so, is this close to the correct way to do it? It's not currently working.

<script type="text/javascript">
    $.ajax({
        url: url,
        type: 'GET',
        dataType: 'json',
        success: function() { alert('hello!'); },
        error: function() { alert('error')},
        beforeSend: setHeader

    });

    function setHeader(xhr){
        xhr.setRequestHeader("Authorization", "Digest username:password");
        xhr.setRequestHeader("Accept", "application/json");
    }
</script>

Comments (3)

若水般的淡然安静女子 2024-10-28 08:47:20

No, the Digest Access Authentication Scheme is a little more complex as it implements a challenge-response authentication mechanism that requires the following steps:

  1. client sends a request for an access-protected resource, but an acceptable Authorization header field is not sent
  2. server responds with a "401 Unauthorized" status code and a WWW-Authenticate header field (the digest-challenge)
  3. client sends another request for the same resource but containing an Authorization header field in response to the challenge (the digest-response)
  4. if the authorization is not successful, go to step 2; otherwise the server proceeds as normal.

This means there are at least two request/response pairs.

Each WWW-Authenticate response header field has the syntax:

challenge        =  "Digest" digest-challenge
digest-challenge  = 1#( realm | [ domain ] | nonce |
                    [ opaque ] |[ stale ] | [ algorithm ] |
                    [ qop-options ] | [auth-param] )

So you need to parse the digest-challenge to get the parameters to be able to generate a digest-response for the Authorization request header field with the following syntax:

credentials      = "Digest" digest-response
digest-response  = 1#( username | realm | nonce | digest-uri
                | response | [ algorithm ] | [cnonce] |
                [opaque] | [message-qop] |
                    [nonce-count]  | [auth-param] )

That section does also describe how the digest-response parameters are calculated. In particular, you will probably need an MD5 implementation as that’s the most commonly used algorithm for this authentication scheme.

Here is a simple tokenization that you can start with:

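// Building blocks of the header grammar: linear white space, token, quoted-string.
var ws = '(?:(?:\\r\\n)?[ \\t])+',
    token = '(?:[\\x21\\x23-\\x27\\x2A\\x2B\\x2D\\x2E\\x30-\\x39\\x3F\\x41-\\x5A\\x5E-\\x7A\\x7C\\x7E]+)',
    // qdtext excludes the double quote (0x22) and the backslash (0x5C); escapes are matched as quoted-pairs.
    quotedString = '"(?:[\\x00-\\x0B\\x0D-\\x21\\x23-\\x5B\\x5D-\\x7F]|'+ws+'|\\\\[\\x00-\\x7F])*"',
    tokenizer = RegExp(token+'(?:=(?:'+quotedString+'|'+token+'))?', 'g');
// xhr is the XMLHttpRequest whose response was the 401; the header is named WWW-Authenticate.
var tokens = xhr.getResponseHeader("WWW-Authenticate").match(tokenizer);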

This will turn a WWW-Authenticate header field like:

WWW-Authenticate: Digest
        realm="[email protected]",
        qop="auth,auth-int",
        nonce="dcd98b7102dd2f0e8b11d0f600bfb0c093",
        opaque="5ccc069c403ebaf9f0171e9517f40e41"

into:

['Digest', 'realm="[email protected]"', 'qop="auth,auth-int"', 'nonce="dcd98b7102dd2f0e8b11d0f600bfb0c093"', 'opaque="5ccc069c403ebaf9f0171e9517f40e41"']

Then you need to parse the parameters (check existence and validity) and extract the values. Note that quoted-string values can be folded, so you need to unfold them (see also the use of the unquote function unq in the RFC):

function unq(quotedString) {
    return quotedString.substr(1, quotedString.length-2).replace(/(?:(?:\r\n)?[ \t])+/g, " ");
}

With this you should be able to implement that on your own.
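
The two steps the answer above leaves to the reader, parsing the digest-challenge and computing the response for the Authorization header, as an added example that is not part of the original answer or of jQuery. It assumes Node's built-in `crypto` for MD5, handles only `algorithm=MD5` with `qop=auth` (or no qop), uses hypothetical function names, and embeds the sample challenge from RFC 2617 section 3.5:

```javascript
// Added example. MD5 comes from Node's built-in crypto (assumption); in a browser
// substitute an MD5 library. parseChallenge/buildAuthorization are illustrative names.
const { createHash, randomBytes } = require('node:crypto');
const md5 = (s) => createHash('md5').update(s, 'utf8').digest('hex');
const quote = (v) => '"' + String(v).replace(/(["\\])/g, '\\$1') + '"';

// Sample challenge from RFC 2617 section 3.5, embedded so the block runs offline.
const RFC_CHALLENGE = 'Digest realm="testrealm@host.com", qop="auth,auth-int", ' +
  'nonce="dcd98b7102dd2f0e8b11d0f600bfb0c093", opaque="5ccc069c403ebaf9f0171e9517f40e41"';

// Parse a WWW-Authenticate value; quoted values are unquoted, unfolded and unescaped.
function parseChallenge(header) {
  const m = /^\s*Digest\s+([\s\S]*)$/i.exec(header);
  if (!m) throw new Error('not a Digest challenge');
  const params = {};
  const pair = /([\w!#$%&'*+.^`|~-]+)\s*=\s*(?:"((?:[^"\\]|\\[\s\S])*)"|([^\s,"]+))/g;
  for (const [, key, quoted, bare] of m[1].matchAll(pair)) {
    params[key.toLowerCase()] = quoted === undefined ? bare
      : quoted.replace(/(?:\r\n)?[ \t]+/g, ' ').replace(/\\([\s\S])/g, '$1');
  }
  if (!params.realm || !params.nonce) throw new Error('challenge lacks realm or nonce');
  return params;
}

// Build the Authorization value for the retry; cnonce and nc are overridable for test vectors.
function buildAuthorization({ username, password, method, uri, challenge, cnonce, nc = 1 }) {
  const c = parseChallenge(challenge);
  if ((c.algorithm || 'MD5').toUpperCase() !== 'MD5') throw new Error('unsupported algorithm');
  const ha1 = md5(`${username}:${c.realm}:${password}`);
  const ha2 = md5(`${method}:${uri}`);
  const fields = ['username=' + quote(username), 'realm=' + quote(c.realm),
    'nonce=' + quote(c.nonce), 'uri=' + quote(uri)];
  const qops = (c.qop || '').split(',').map((q) => q.trim());
  let response;
  if (qops.includes('auth')) {
    const ncHex = nc.toString(16).padStart(8, '0');
    const cn = cnonce || randomBytes(8).toString('hex'); // client nonce from a CSPRNG
    response = md5(`${ha1}:${c.nonce}:${ncHex}:${cn}:auth:${ha2}`);
    fields.push('qop=auth', 'nc=' + ncHex, 'cnonce=' + quote(cn));
  } else if (!c.qop) {
    response = md5(`${ha1}:${c.nonce}:${ha2}`); // legacy form without qop
  } else {
    throw new Error('only qop=auth is implemented here');
  }
  fields.push('response=' + quote(response));
  if (c.opaque) fields.push('opaque=' + quote(c.opaque));
  return { response, header: 'Digest ' + fields.join(', ') };
}
```

The returned `header` string is what the second request passes to `xhr.setRequestHeader("Authorization", ...)`; `nc` must increase for every further request that reuses the same server nonce.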

眼眸 2024-10-28 08:47:20

It is possible with vanilla JavaScript. Try digestAuthRequest.js:

https://github.com/inorganik/digest-auth-request

零度℉ 2024-10-28 08:47:20

You should try the digestj jQuery plugin.

http://code.google.com/p/digestj/

It is a partial implementation but could be sufficient to help you get through.
