问题描述

我刚开始接触ServiceStack，作为一个测试用例，我期待这返工使用标准ASP.Net处理器构建的现有服务。我已经成功地得到它的所有工作，因为我想它，但有某些方面它利用ASP​​.Net Session对象。

I'm just getting started with ServiceStack and, as a test case, I am looking to rework an existing service which is built using standard ASP.Net handlers. I've managed to get it all working as I want it but have certain aspects which make use of the ASP.Net Session object.

我已经尝试添加IRequiresSessionState进入服务接口：

I've tried adding IRequiresSessionState into the service interface:

public class SessionTestService : RestServiceBase<SessionTest>, IRequiresSessionState {
    public override object OnPost(SessionTest request) {
        // Here I want to use System.Web.HttpContext.Current.Session
    }
}

麻烦的是我似乎无法得到它的工作作为Session对象总是空。

The trouble is I can't seem to get it to work as the Session object is always null.

我已经做了很多的谷歌搜索，并已困惑过https://github.com/mythz/ServiceStack/blob/master/tests/ServiceStack.WebHost.IntegrationTests/Services/Secure.cs和类似的，但我找不到任何例如code这做到这一点（这让我吃惊）。任何人都可以解释为什么上面不工作，指教一下，我需要做的就是它的工作？

I've done a lot of Googling and have puzzled over https://github.com/mythz/ServiceStack/blob/master/tests/ServiceStack.WebHost.IntegrationTests/Services/Secure.cs and similar but I can't find any example code which does this (which surprises me). Can anyone explain why the above doesn't work and advise what I need to do to get it working?

注意：最后，我可能会看与Redis的替换此或会尝试删除任何服务器端的会话要求，但我想我会使用ASP.Net实现暂且，把事情的工作，避免返工它比在这一点上是必要的。

Note: Ultimately I'll probably look to replace this with Redis or will try to remove any serverside session requirement, but I figured that I'd use the ASP.Net implementation for the time being, to get things working and to avoid reworking it more than is necessary at this point.

推荐答案

使用ServiceStack的Isession

ServiceStack具有由 ICacheClient 支持一个新的的Isession 界面，可以让你分享同一个的Isession MVC控制器，ASP.NET基页和共享相同的Cookie ID，让您对这些Web框架之间自由共享数据ServiceStack的Web服务之间。

ServiceStack has a new ISession interface backed by ICacheClient that lets you share same ISession between MVC Controllers, ASP.NET base pages and ServiceStack's Web Services which share the same Cookie Id allowing you to freely share data between these web frameworks.

请注意：ISession的是一个实施清洁能完全在的并详细的解释。

Note: ISession is a clean implementation that completely by-passes the existing ASP.NET session with ServiceStack's own components as described in ServiceStack's MVC PowerPack and explained in detail in the Sessions wiki page.

要很容易利用ServiceStack的Session（缓存和放大器; JSON序列）的有你的控制器从ServiceStackController （在MVC）或PageBase （在ASP.NET）

To easily make use of ServiceStack's Session (Cache & JSON Serializer) have your Controllers inherit from ServiceStackController (in MVC) or PageBase (in ASP.NET)

还有一个在ServiceStack增加了新的认证/确认的功能，你可以在wiki上阅读：

There is also new Authentication / Validation functionality added in ServiceStack which you can read about on the wiki:

• Authentication and authorization
• Validation

使用ASP.NET会话

ServiceStack 只是一套轻量级的的IHttpHandler的在任一个ASP.NET或正在运行的HttpListener主机。如果IIS / ASP.NET（最常见）主办它像一个正常的ASP.NET请求。

Essentially ServiceStack is just a set of lightweight IHttpHandler's running on either an ASP.NET or HttpListener host. If hosted in IIS/ASP.NET (most common) it works like a normal ASP.NET request.

在ServiceStack没有访问或影响底层的ASP.NET应用程序配置的缓存和会话提供商。如果要启用它，你需要将其配置为每个正常ASP.NET（即ServiceStack外）见：

Nothing in ServiceStack accesses or affects the configured Caching and Session providers in the underlying ASP.NET application. If you want to enable it you would need to configure it as per normal in ASP.NET (i.e. outside of ServiceStack) see:

http://msdn.microsoft.com/en-us/library/ms178581.aspx

一旦配置好，你可以通过单访问ServiceStack网络服务里面的ASP.NET会话：

Once configured you can access the ASP.NET session inside a ServiceStack web service via the singleton:

HttpContext.Current.Session

或者可以选择通过底层ASP.NET的Htt prequest有：

Or alternatively via the underlying ASP.NET HttpRequest with:

var req = (HttpRequest)base.RequestContext.Get<IHttpRequest>().OriginalRequest;
var session = req.RequestContext.HttpContext.Session;

虽然因为XML配置和强制性依赖degraded默认情况下的表现，我preFER回避使用ASP.NET的Session，而不是选择使用清洁的的附带ServiceStack。

Although because of the mandatory reliance on XML config and degraded performance by default, I prefer to shun the use of ASP.NET's Session, instead opting to use the cleaner Cache Clients included with ServiceStack.

基本上一路会议工作（包括ASP.NET）是一个包含唯一ID的cookie 添加到唯一标识浏览器会话的响应。这 ID 点，从而重新$ P $服务器上的匹配字典/集psents浏览器会话。

Basically the way Sessions work (ASP.NET included) is a cookie containing a unique id is added to the Response uniquely identifying the browser session. This id points to a matching Dictionary/Collection on the server which represents the browsers' Session.

在 IRequiresSession 接口链接到默认情况下不执行任何操作，它仅仅是通知，要么这个请求需要被验证自定义请求过滤器或基于Web服务的方式（即你应该把验证/认证逻辑在ServiceStack两个地方）。

The IRequiresSession interface you link to doesn't do anything by default, it simply is a way to signal to either a Custom Request Filter or base web service that this request needs to be authenticated (i.e. two places where you should put validation/authentication logic in ServiceStack).

下面是一个Basic看到看起来验证实施如果Web服务是安全的，如果因此要确保他们身份验证。

Here's a Basic Auth implementation that looks to see if a web service is Secure and if so make sure they have authenticated.

下面的another认证实施，与其验证标有 [授权] 属性的所有服务，并how通过添加属性您的要求DTO启用服务验证。

Here's another authentication implementation that instead validates all services marked with an [Authenticate] attribute, and how to enable Authentication for your service by adding the Attribute on your Request DTO.

上面的实现是分开的多权威性提供者模型中包括的ServiceStack的下一个版本。这里的the参考例显示如何注册和在应用程序配置新的验证模式。

The above implementation is apart of the multi-auth provider model included in the next version of ServiceStack. Here's the reference example showing how to register and configure the new Auth model in your application.

新的身份验证模式完全是一个选择的方便，你可以根本不使用它，并实现自己使用请求过滤器类似的行为或基类（通过重写OnBeforeExecute).事实上，新的验证服务，实际上并没有内置于每本身ServiceStack，整个执行住在可选的ServiceStack.ServiceInterfaces项目中使用自定义请求筛选并实施。

The new Auth model is entirely an opt-in convenience as you can simply not use it and implement similar behaviour yourself using Request Filters or in base classes (by overriding OnBeforeExecute). In fact the new Auth services are not actually built-into ServiceStack per-se. The entire implementation lives in the optional ServiceStack.ServiceInterfaces project and implemented using Custom Request Filters.

下面是我用多年来不同的身份验证策略：

Here are different Authentication strategies I've used over the years:

• 这需要与 [属性]认证标志服务。可能是最地道的C＃的方式，理想的时候在会话ID 是通过cookie过去了。

• Mark services that need authentication with an [Attribute]. Likely the most idiomatic C# way, ideal when the session-id is passed via a Cookie.

特别是外部的Web上下文，有时采用了更为明确的 IRequiresAuthentication 接口，因为它提供给需要验证用户和SessionID的强类型的访问更好。

Especially outside of a Web Context, sometimes using a more explicit IRequiresAuthentication interface is better as it provides strong-typed access to the User and SessionId required for Authentication.

您可以只拥有1班轮在需要它的每个服务进行身份验证 - 即席基础上。当你有需要身份验证的服务非常少一个合适的方法。

You can just have a 1-liner to authenticate on each service that needs it - on an adhoc basis. A suitable approach when you have very few services requiring authentication.

这篇关于如何使用ServiceStack服务实现中的一个标准的ASP.NET会话对象的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持！