I m 采用与快递和连接式用户的代号。
这是在要求/指数时进行的核查:
if(req.isAuthenticated()) {
res.redirect( /dashboard );
} else {
res.render( index , { layout: nonav });
}
然而,在伐木之后,我可以看到仪表板。
我如何对每一项要求进行认证检查,以确保随时都有有效的用户?
在认证方面,我没有任何问题,所有事情都不起作用! 我需要一种解决办法,即如果每个路线/要求都有有效的用户,而不必在路线执行中设置功能或说明,因为整个申请需要一个有效的用户。 快通-航道-外围使用“限制”路线,该定义已经关闭,但许多路线很容易被忘记。
app.all( * ,function(req,res,next){
if(req.isAuthenticated()){
next();
}else{
next(new Error(401)); // 401 Not Authorized
}
});
// NOTE: depending on your version of express,
// you may need to use app.error here, rather
// than app.use.
app.use(function(err,req,res,next){
// Just basic, should be filled out to next()
// or respond on all possible code paths
if(err instanceof Error){
if(err.message === 401 ){
res.render( error401 );
}
}
});
如果你界定了“<>all航线,然后路线上要求认证,而后路线(如主页、标识等),则该路线只应影响所需要的路线。 或者,你可以使用一个登记册而不是<代码>,* ,其中将包括需要认证的一条路子或路标清单。
另一种选择是建立一种功能,在每一条路线中包含必要的内容:
function IsAuthenticated(req,res,next){
if(req.isAuthenticated()){
next();
}else{
next(new Error(401));
}
}
app.get( /login ,function(req,res,next){
res.render( login );
});
app.get( /dashboard ,IsAuthenticated,function(req,res,next){
res.render( dashboard );
});
app.get( /settings ,IsAuthenticated,function(req,res,next){
res.render( settings );
});
您可使用<代码>sessions 机制>。 将该守则列入app.configure(),以便:
app.use(express.cookieParser());
app.use(express.session({
secret: some string used for calculating hash
}));
之后,你能够使用<代码>req.session<>/code>物体(每份请求有不同之处)储存其核证数据(或其他任何情况)。 因此,你的榜样法典将探讨这样的问题:
if (req.session && req.session.authorized) {
res.redirect( /dashboard );
}
else {
res.render( index , {layout: nonav });
}
认证将照此办理:
req.session.authorized = checkPassword(login, passw);
投票:
req.session.destroy();
http://senchalabs.github.com/joint/“here。
I installed this instant messenger program called IM+ that keeps your accounts online even when you exit the application (you know... touch: only one app at a time) it accepts push deliveries to ...
I am trying to develop my login script to give feedback to the user if the login is valid or not. Basically if it isn t correct a div box will show saying its wrong, if its correct it will show its ...
Suppose I am writing a server for a particular network protocol. If I know that the client is running on a Windows machine, is it possible for my server to authenticate the Windows user that owns the ...
The infrastructure team wants to update the authentication protocol to NTLMv2 and Kerberos. Will this affect CRM 4.0 on-premise installation. What would need to be changed in order to use the ...
I m developing an ASP.NET MVC site that utilizes forms authentication for part of the application. During development, I need to be able to give external parties access to a development server hosting ...
If I have a type like: public class Context { public Context() { } public IQueryable<Record> Records { get { if (user == someone) //psuedocode ...
We recently attempted to add ip address validation to our website s login security. So in addition to having a cookie with valid credentials, we checked that your ip address on page request matched ...
While looking into forms authorizing/authentication, I found that it is possible to do role based authorizing by adding an array of roles to a FormsAuthenticationTicket. That way I can write User....