使用 SSL 通过 TCP/IP 套接字进行客户端/服务器通信,无需 Web 服务器

发布于 2024-11-12 21:35:21 字数 375 浏览 3 评论 0原文

我有一个使用 TCP 侦听器机制的服务器应用程序,使用 SslStream 类在其上使用 SSL,与此线程中描述的非常相似: Tcpip 侦听器套接字 SSL 流如此混乱

然而,我们的客户是所有操作系统(iOS、Android 等)的移动设备。我有一个服务器端证书,但我真正想要从客户端获得的身份验证是通过基本身份验证协议给出的用户/密码字符串对。

如果来自客户端的初始连接为我提供了这些凭据,那么一切都很好 - 我解析请求,提取它们并进行检查。但如果没有提供 - 我该如何索取?

I have a server application using a TCP listener mechanism with SSL over it using SslStream class, very much similar to what is described in this thread: Tcpip listener sockets SSL streams so much confusion

Our clients, however, are mobile devices of all OS's (iOS, Android etc). I have a server side certificate, but all I really want from my clients as authentication is a user/pwd string pair given with Basic Authentication protocol.

If the initial connection from the client provides me with these credentials, all is well - I parse the request, extract them and do my checks. If however they are not supplied - how do I ask for them?

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(1

止于盛夏 2024-11-19 21:35:21

HTTP 状态代码 401 与 WWW-Authenticate: Basic 标头一起用于提示 HTTP 客户端发送用户名/密码字符串,如 示例

客户端请求(无身份验证):

GET /private/index.html HTTP/1.11
Host: localhost

服务器响应:

HTTP/1.1 401 Authorization Required
Server: HTTPd/1.0
Date: Sat, 27 Nov 2004 10:18:15 GMT
WWW-Authenticate: Basic realm="Secure Area"
Content-Type: text/html
Content-Length: 311

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
 "http://www.w3.org/TR/1999/REC-html401-19991224/loose.dtd">
<HTML>
  <HEAD>
    <TITLE>Error</TITLE>
    <META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=ISO-8859-1">
  </HEAD>
  <BODY><H1>401 Unauthorized.</H1></BODY>
</HTML>

客户端请求(用户名“Aladdin”,密码“open sesame”):

GET /private/index.html HTTP/1.1
Host: localhost
Authorization: Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ==

The HTTP status code 401 along with the WWW-Authenticate: Basic header is used to prompt the HTTP client to send the username/password string as can be seen in this example

Client request (no authentication):

GET /private/index.html HTTP/1.11
Host: localhost

Server response:

HTTP/1.1 401 Authorization Required
Server: HTTPd/1.0
Date: Sat, 27 Nov 2004 10:18:15 GMT
WWW-Authenticate: Basic realm="Secure Area"
Content-Type: text/html
Content-Length: 311

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
 "http://www.w3.org/TR/1999/REC-html401-19991224/loose.dtd">
<HTML>
  <HEAD>
    <TITLE>Error</TITLE>
    <META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=ISO-8859-1">
  </HEAD>
  <BODY><H1>401 Unauthorized.</H1></BODY>
</HTML>

Client request (user name "Aladdin", password "open sesame"):

GET /private/index.html HTTP/1.1
Host: localhost
Authorization: Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ==
~没有更多了~
我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
原文