How to authorize SignalR Core Hub methods using JWT

Updated: 2024-10-24 01:59:58

Problem description

I am using JWT authentication in my ASP.NET Core 2.0 application with OpenIddict.

I am following the idea in this thread and calling the AuthorizeWithJWT method after the SignalR handshake. But now I do not know what I should set in the AuthorizeWithJWT method so that I can use [Authorize(Roles="Admin")], for example.

I tried setting the context user, but it is read-only:

    public class BaseHub : Hub
    {
        public async Task AuthorizeWithJWT(string AccessToken)
        {
            // get user claims from AccessToken
            this.Context.User = user; // error: User is read only
        }
    }

And using authorize attribute:

    public class VarDesignImportHub : BaseHub
    {
        [Authorize(Roles = "Admin")]
        public async Task Import(string ConnectionString)
        {
        }
    }

Solution

I strongly encourage you to continue doing authentication at the handshake level instead of going with a custom and non-standard solution you'd implement at the SignalR level.

Assuming you're using the validation handler, you can force it to retrieve the access token from the query string:

    public void ConfigureServices(IServiceCollection services)
    {
        services.AddAuthentication()
            .AddOAuthValidation(options =>
            {
                options.Events.OnRetrieveToken = context =>
                {
                    context.Token = context.Request.Query["access_token"];
                    return Task.CompletedTask;
                };
            });
    }

Or OnMessageReceived if you want to use JWTBearer:

    services.AddAuthentication()
        .AddJwtBearer(o =>
        {
            o.Events = new JwtBearerEvents()
            {
                OnMessageReceived = context =>
                {
                    if (context.Request.Path.ToString().StartsWith("/HUB/"))
                        context.Token = context.Request.Query["access_token"];
                    return Task.CompletedTask;
                },
            };
        });

No other change should be required.
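
The following is an added example, not code from the original answer: it pairs the JwtBearer variant above with a hub, and accepts the query-string token only on hub paths so that `Context.User` is already populated when `[Authorize(Roles = "Admin")]` is evaluated. The `/hubs` route prefix and the names `HubAuthSetup`, `AddHubJwt` and `ImportHub` are assumptions for illustration.

```csharp
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.SignalR;
using Microsoft.Extensions.DependencyInjection;

public static class HubAuthSetup
{
    // Assumed route prefix; it must match the path the hub is mapped to.
    private const string HubPrefix = "/hubs";

    public static void AddHubJwt(IServiceCollection services)
    {
        services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
            .AddJwtBearer(o =>
            {
                // Issuer, audience and signing-key options are set here,
                // the same way as for the application's other endpoints.
                o.Events = new JwtBearerEvents
                {
                    OnMessageReceived = context =>
                    {
                        var token = context.Request.Query["access_token"].ToString();

                        // Take the token from the query string only for hub
                        // requests; everything else keeps using the header.
                        if (!string.IsNullOrEmpty(token) &&
                            context.HttpContext.Request.Path.StartsWithSegments(HubPrefix))
                        {
                            context.Token = token;
                        }
                        return Task.CompletedTask;
                    }
                };
            });
    }
}

[Authorize] // the connection itself must be authenticated at the handshake
public class ImportHub : Hub
{
    [Authorize(Roles = "Admin")]
    public Task<string> Import(string connectionString)
    {
        // Context.User was set by the authentication middleware, not by the hub.
        return Task.FromResult(Context.User.Identity.Name);
    }
}
```

Because the token travels in the URL, keep query strings out of request logs for the hub endpoints.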

Published: 2023-11-16 21:09:12
Article link: https://www.elefans.com/category/jswz/34/1607466.html