我在带有OpenIddict的ASP.NET Core 2.0应用程序中使用JWT身份验证.
我正在此线程中遵循想法,并在SignalR之后调用AuthorizeWithJWT方法握手.但是现在,我不知道应该在AuthorizeWithJWT方法中设置什么,以便可以使用[Authorize(Roles="Admin")]为例.
我尝试设置上下文用户,但它是只读的:
public class BaseHub : Hub { public async Task AuthorizeWithJWT(string AccessToken) { //get user claims from AccesToken this.Context.User = user; //error User is read only } }并使用authorize属性:
public class VarDesignImportHub : BaseHub { [Authorize(Roles = "Admin")] public async Task Import(string ConnectionString) { } }解决方案
我强烈建议您继续在握手级别进行身份验证,而不要使用您将在SignalR级别实现的自定义和非标准解决方案. /p>
假设您正在使用验证处理程序,则可以强制其从查询字符串中检索访问令牌:
public void ConfigureServices(IServiceCollection services) { services.AddAuthentication() .AddOAuthValidation(options => { options.Events.OnRetrieveToken = context => { context.Token = context.Request.Query["access_token"]; return Task.CompletedTask; }; }); }或OnMessageReceived(如果要使用JWTBearer):
services.AddAuthentication() .AddJwtBearer(o => { o.Events = new JwtBearerEvents() { OnMessageReceived = context => { if (context.Request.Path.ToString().StartsWith("/HUB/")) context.Token = context.Request.Query["access_token"]; return Task.CompletedTask; }, }; });不需要其他更改.
I am using JWT authentication in my ASP.NET Core 2.0 application with OpenIddict.
I am following idea in this thread and calling AuthorizeWithJWT method after SignalR handshake. But now, I do not know what should I set in AuthorizeWithJWT method so I can use [Authorize(Roles="Admin")] for example.
I tried with setting context user, but it is readonly:
public class BaseHub : Hub { public async Task AuthorizeWithJWT(string AccessToken) { //get user claims from AccesToken this.Context.User = user; //error User is read only } }And using authorize attribute:
public class VarDesignImportHub : BaseHub { [Authorize(Roles = "Admin")] public async Task Import(string ConnectionString) { } }解决方案
I strongly encourage you to continue doing authentication at the handshake level instead of going with a custom and non-standard solution you'd implement at the SignalR level.
Assuming you're using the validation handler, you can force it to retrieve the access token from the query string:
public void ConfigureServices(IServiceCollection services) { services.AddAuthentication() .AddOAuthValidation(options => { options.Events.OnRetrieveToken = context => { context.Token = context.Request.Query["access_token"]; return Task.CompletedTask; }; }); }Or OnMessageReceived if you want to use JWTBearer:
services.AddAuthentication() .AddJwtBearer(o => { o.Events = new JwtBearerEvents() { OnMessageReceived = context => { if (context.Request.Path.ToString().StartsWith("/HUB/")) context.Token = context.Request.Query["access_token"]; return Task.CompletedTask; }, }; });No other change should be required.
更多推荐
如何使用JWT授权SignalR Core Hub方法
发布评论