找到你要的答案

Q:How to remove basic authentication in angularness? It seems that, In addition,

Q:如何去除有角的基本认证? 似乎, 此外,

Hi am using basic authentication for webservie integration.

$http.defaults.headers.common['Authorization'] = 'Basic ' + Base64.encode(Username + ':' + password);
        $http({method: 'GET', url: 'http:url.com'}).
            success(function(data) {
                if(data=='' || data==null || data=='undefined'){
                    var alertPopup = $ionicPopup.alert({
                        title: 'Info!',
                        template: 'Invalid Password, or no user found with this Email Address'
                    });
                    alertPopup.then(function(res) {
                        console.log('Invalid Password, or no user found with this Email Address ');
                    });

                }

This code is working fine for me .but my problem is if one user is logedin using username and password.then logged out after that another user try to logged in with different username and password will get the previous user loged in. how to clear the header authentication data?

我使用基本身份验证webservie一体化。

$http.defaults.headers.common['Authorization'] = 'Basic ' + Base64.encode(Username + ':' + password);
        $http({method: 'GET', url: 'http:url.com'}).
            success(function(data) {
                if(data=='' || data==null || data=='undefined'){
                    var alertPopup = $ionicPopup.alert({
                        title: 'Info!',
                        template: 'Invalid Password, or no user found with this Email Address'
                    });
                    alertPopup.then(function(res) {
                        console.log('Invalid Password, or no user found with this Email Address ');
                    });

                }

这段代码运行得很好。但我的问题是如果一个用户是logedin使用用户名和password.then登出后,另一个用户试图登录不同的用户名和密码将把以前的用户登录。如何清除头验证数据?

answer1: 回答1:

You could probably redefine the header with

$http.defaults.headers.common['Authorization'] = 'Basic ' + Base64.encode(newUsername + ':' + newPassword)

您可能会重新定义头

$http.defaults.headers.common['Authorization'] = 'Basic ' + Base64.encode(newUsername + ':' + newPassword)
answer2: 回答2:

It seems that,

You have not replaced the Authorization header when

  1. the user logged out
  2. logged in as a different user

Login - call this every time a user logs in

function setCredentials(username, password) {
    $http.defaults.headers.common['Authorization'] = 'Basic ' + Base64.encode(username + ':' + password); 
};

Logout - call this when a user logs out

function clearCredentials() {
    $http.defaults.headers.common.Authorization = 'Basic ';
};

The above snippets simplified from this tutorial - AngularJS Basic HTTP Authentication Example. i recommend reading it


In addition,

Please note that using basic http authentication is insecure because the password passed on each request with no encryption!

As an alternative, you can change basic http authentication to a server side authentication using sessions (comment the server your'e using and i'll link you to example)

If you still decides to keep the basic http authentication, at least use HTTPS !

似乎,

您没有更换授权标头时

  1. the user logged out
  2. logged in as a different user

登录-每次用户登录时调用

function setCredentials(username, password) {
    $http.defaults.headers.common['Authorization'] = 'Basic ' + Base64.encode(username + ':' + password); 
};

注销-把这当一个用户登录了

function clearCredentials() {
    $http.defaults.headers.common.Authorization = 'Basic ';
};

以上片段简化从本教程- AngularJS基本HTTP身份验证的例子。我建议读它


此外,

请注意,使用基本的HTTP身份验证的密码是不安全的,通过对每个请求没有加密!

作为替代,你可以改变基本的HTTP认证使用会话服务器端认证(评论服务器你是使用我的链接你的例子)

如果你仍然想保持基本的HTTP认证,至少使用HTTPS!

answer3: 回答3:

I've found this solution working:

When initiating a logout, first try making a bad request with a fake user to throw away the currently cached credentials.

I have this function doing the requests (it's using jquery's $.ajax with disabled asynch calls):

function authenticateUser(username, hash) {
    var result = false;
    var encoded = btoa(username + ':' + hash);

    $.ajax({
        type: "POST",
        beforeSend: function (request) {
            request.setRequestHeader("Authorization", 'Basic ' + encoded);
        },
        url: "user/current",
        statusCode: {
            401: function () {
                result = false;
            },
            200: function (response) {
                result = response;
            }
        },
        async: false
    });

    return result;
}

So when I try to log a user out, this happens:

//This will send a request with a non-existant user.
//The purpose is to overwrite the cached data with something else
accountServices.authenticateUser('logout','logout');

//Since setting headers.common.Authorization = '' will still send some
//kind of auth data, I've redefined the headers.common object to get
//rid of the Authorization property
$http.defaults.headers.common = {Accept: "application/json, text/plain, */*"};

我发现这个解决方案的工作:

当启动一个注销,第一次尝试做一个坏的请求与假用户抛弃当前缓存的凭据。

我有这个功能做的要求(它使用jQuery的Ajax异步调用美元。残疾):

function authenticateUser(username, hash) {
    var result = false;
    var encoded = btoa(username + ':' + hash);

    $.ajax({
        type: "POST",
        beforeSend: function (request) {
            request.setRequestHeader("Authorization", 'Basic ' + encoded);
        },
        url: "user/current",
        statusCode: {
            401: function () {
                result = false;
            },
            200: function (response) {
                result = response;
            }
        },
        async: false
    });

    return result;
}

所以,当我试图记录用户,这发生:

//This will send a request with a non-existant user.
//The purpose is to overwrite the cached data with something else
accountServices.authenticateUser('logout','logout');

//Since setting headers.common.Authorization = '' will still send some
//kind of auth data, I've redefined the headers.common object to get
//rid of the Authorization property
$http.defaults.headers.common = {Accept: "application/json, text/plain, */*"};
angularjs  cordova  ionic-framework  ionic