ServiceStack ServerEvents authentication configuration

Question

I'm trying to use JWT authentication with ServiceStack ServerEvents to ensure that all users are authenticated but I can't find how to configure server events to do this. I assume that this works in the default configuration since it's not mentioned in the docs how to get it working, only that it does, which would mean that something in my configuration has disabled/broken this feature but I can't work out what.

On the server side the setup in Configure() is pretty simple.

this.Plugins.Add(
    new AuthFeature(
        () => { return new AuthenticatedSession(); },
        new IAuthProvider[] { jwt, perpetualJwt }
    )
    {
        IncludeAssignRoleServices = false,
        IncludeRegistrationService = false
    }
);

this.Plugins.Add(
    new ServerEventsFeature
    {
        StreamPath = ApiHost.EventSystemRoot + "-stream", // /request/event-stream
        HeartbeatPath = ApiHost.EventSystemRoot + "-heartbeat",
        UnRegisterPath = null,
        SubscribersPath = null,
        LimitToAuthenticatedUsers = true,
        IdleTimeout = TimeSpan.FromSeconds(30),
        HeartbeatInterval = TimeSpan.FromSeconds(20),
        NotifyChannelOfSubscriptions = true,
    }
);

The jwt and perpetualJwt providers are JsonWebTokeynAuthProviders (handle bearer token jwt) and I've got these working with standard ServiceStack API requests, so I have confidence that their function is correct; however, they may not be getting called.

To connect the client I use code like this:

this.directBoardClient = new JsonServiceClient(this.boardUrlTextBox.Text)
{
    BearerToken = this.boardTokenTextBox.Text
};
this.directBoardEvents = new ServerEventsClient(this.boardUrlTextBox.Text.AppendPath("ueib", "request"))
{
    OnMessage = boardEvents_OnMessage,
    OnCommand = boardEvents_OnCommand
};
this.directBoardEvents.ServiceClient = this.directBoardClient;
this.directBoardEvents.Start();

When I call Start I get a 401. If I don't require auth or I omit the ServerEvents client, the directBoardClient can make calls that require auth successfully.

I think that the auth feature isn't being called when I'm connecting to the stream endpoint and that my moving the events endpoints may have disturbed something, but I can't identify what that is. Can anyone help identify what I can do to fix this or suggest further debugging steps?

Recommended answer

The ServerEventsClient.ServiceClient isn't used for establishing the Server Events connection, only its CookieContainer is shared which will allow you to Authenticate with the ServiceClient to establish an Authenticated Session.

If you're using a JWT AuthProvider you can send it inside a Cookie so it gets sent with client Web Requests. Otherwise you can try adding the JWT Token using the EventStreamRequestFilter which gets executed before establishing the Server Events connection, e.g:

new ServerEventsClient(...) {
    EventStreamRequestFilter = req => req.AddBearerToken(jwt)
}

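Alternatively, I've just added support for ResolveStreamUrl, which will let you modify the URL used to establish the Server Events connection and will also allow you to send the JWT Token as seen in the JWT TypeScript ServerEventsClient example: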

var sseClient = new ServerEventsClient(BaseUrl, ["*"], {
    resolveStreamUrl: url => appendQueryString(url, { "ss-tok": JWT }),
    handlers: {
        onConnect: e => { 
            console.log(e.isAuthenticated /*true*/, e.userId, e.displayName);
        }
    }
}).start();

The change also lets you modify the EventStreamPath independently from the BaseUri which was previously assumed to be {BaseUrl}/event-stream.

ResolveStreamUrl + EventStreamPath is available from v5.0.3, which is now available on MyGet.

This requires your JWT AuthProvider to accept JWT Tokens via the QueryString, which you can enable in ServiceStack's JWT AuthProvider with:

new JwtAuthProvider {
    AllowInQueryString = true
}
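
An added example, not part of the original answer or ServiceStack's own code: with AllowInQueryString enabled the JWT travels in the stream URL as ss-tok, and request URLs are commonly written to access logs, so this TypeScript function redacts that parameter from log lines and counts how many tokens it found. The function name scrubStreamTokens is hypothetical, and the log lines, paths and token values are constructed.

```typescript
// Added example (not ServiceStack code): redact the "ss-tok" query parameter,
// which carries the JWT when AllowInQueryString is enabled, from log lines.

// "ss-tok" must directly follow ? or & so names like "miss-tok" are not matched;
// the value runs until the next query delimiter, fragment, quote or whitespace.
const SS_TOK = /([?&]ss-tok=)[^&#\s"']*/gi;

interface ScrubResult {
    lines: string[]; // input lines with token values replaced
    leaked: number;  // how many token values were found and redacted
}

// Hypothetical helper: returns scrubbed copies of the lines plus a leak count.
function scrubStreamTokens(input: string[]): ScrubResult {
    let leaked = 0;
    const lines = input.map(line =>
        line.replace(SS_TOK, (_match: string, prefix: string) => {
            leaked++;
            return prefix + "[REDACTED]";
        })
    );
    return { lines, leaked };
}

// Constructed sample access-log lines; paths and token values are made up.
const sampleLog: string[] = [
    "GET /request/event-stream?channels=home&ss-tok=eyJhbGciOi.constructed.sig HTTP/1.1 200",
    "GET /request/event-heartbeat?id=abc123 HTTP/1.1 200",
    "GET /request/event-stream?ss-tok=eyJ0eXAiOi.constructed.sig&channels=home HTTP/1.1 401",
    "GET /search?q=miss-tok=1 HTTP/1.1 200",
];

const result = scrubStreamTokens(sampleLog);
console.log(result.lines.join("\n"));
console.log("redacted tokens:", result.leaked);
```

A non-zero leaked count on stored logs means tokens were already written in clear text; sending the token with EventStreamRequestFilter or in a Cookie, as described in the answer, keeps it out of the URL.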
