dsgdfh302506 2016-10-06 08:59
Views: 706
Accepted

Multiple parameters in the Authorization header do not work with Basic Auth

I am creating a basic API using Basic Auth over SSL. The API will be used in a mobile application and allow the creation of an account, with other fairly basic features.

I have decided to hard-code an API key into the mobile application to pass to the API to make it a bit harder for a hacker to access parts of the API that don't require a login (basic auth). Based on what I've read, the API key should be stored in the Authorization header in the HTTP request.

Authorization header:

Key ~@3o42jf!34vm3.!

My PHP API then reads the header and ensures that the key is correct. If it is, basic elements of the API are available.

The problem comes when trying to perform a task that requires a login to be passed to the API. My Authorization header then looks like this:

Key ~@3o42jf!34vm3.! Basic c3RhY2tAZ21haWwuY29tOnRlc3RpbmcxMjM=

The API can still read the key, but the email/password strings that I access with $_SERVER['PHP_AUTH_USER'] and $_SERVER['PHP_AUTH_PW'] are now not set. Is the only way to get around this to read the header manually through apache_request_headers()?

1 answer

  • dongyu9894 2016-10-06 09:03

    Since this is a custom header, you should use a separate identifier for it. For example:

    X-Api-Key: ~@3o42jf!34vm3.!
    

    And then you can leave the basic auth header as it is (since it indeed won't work if you insert custom data in it).

    On the PHP side, your custom header can be accessed with $_SERVER['HTTP_X_API_KEY']

    Also make sure that your request headers are in the correct format. It should be like this:

    GET /api/v1/tickets HTTP/1.1
    Host: 123.123.123.123
    Authorization: Basic c3RhY2tAZ21haWwuY29tOnzzz3RpbmcxMjM=
    X-Api-Key: z7='sL(=}24qv'3F
    Cache-Control: no-cache
    Postman-Token: e657c66f-2db1-bf76-78c5-777305b5bfe6
    
    This answer was selected by the asker as the best answer.
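
Added example (not part of the original answer or the asker's code): one way the PHP side could check the X-Api-Key header and the Basic credentials independently, with a fallback for setups where PHP_AUTH_USER is not populated. The function names, the placeholder key and the sample request are constructed for illustration, and the HTTP_AUTHORIZATION fallback assumes the web server passes the raw Authorization header through to PHP.

```php
<?php
declare(strict_types=1);

// Assumption: the expected key would normally come from server-side
// configuration; this constant is a constructed placeholder.
const EXPECTED_API_KEY = 'example-api-key-placeholder';

/** Validate the custom X-Api-Key header (exposed by PHP as HTTP_X_API_KEY). */
function apiKeyIsValid(array $server): bool
{
    $key = $server['HTTP_X_API_KEY'] ?? '';
    // hash_equals() compares in constant time: known value first, user input second.
    return is_string($key) && hash_equals(EXPECTED_API_KEY, $key);
}

/**
 * Return [user, password] from Basic auth, or null if absent or malformed.
 * Prefers PHP_AUTH_USER / PHP_AUTH_PW; otherwise parses the raw header.
 */
function basicCredentials(array $server): ?array
{
    if (isset($server['PHP_AUTH_USER'])) {
        return [$server['PHP_AUTH_USER'], $server['PHP_AUTH_PW'] ?? ''];
    }
    $header = $server['HTTP_AUTHORIZATION'] ?? '';
    // Accept exactly "Basic <base64>"; a combined "Key ... Basic ..." value is rejected.
    if (!preg_match('/^Basic\s+([A-Za-z0-9+\/]+={0,2})\z/i', $header, $m)) {
        return null;
    }
    $decoded = base64_decode($m[1], true);
    if ($decoded === false || strpos($decoded, ':') === false) {
        return null;
    }
    // Split on the first colon only, so passwords may contain ':'.
    return explode(':', $decoded, 2);
}

// Constructed sample request data, standing in for $_SERVER.
$sample = [
    'HTTP_X_API_KEY'     => 'example-api-key-placeholder',
    'HTTP_AUTHORIZATION' => 'Basic ' . base64_encode('alice:s3cret'),
];

var_dump(apiKeyIsValid($sample));
var_dump(basicCredentials($sample));
// The combined header form from the question yields no credentials.
var_dump(basicCredentials(['HTTP_AUTHORIZATION' => 'Key abc Basic YTpi']));
```

Because the key ships inside the mobile application, it can be recovered from the app package, so it works as an app identifier rather than a secret; the Basic credentials remain the actual authentication.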