How to authorize SignalR Core Hub method with JWT
I am using JWT authentication in my ASP.NET Core 2.0 application with OpenIddict.
I am following the idea in this thread and calling the AuthorizeWithJWT method after the SignalR handshake. But now I do not know what I should set in the AuthorizeWithJWT method so I can use [Authorize(Roles="Admin")], for example.
I tried setting the context user, but it is read-only:
    public class BaseHub : Hub
    {
        public async Task AuthorizeWithJWT(string AccessToken)
        {
            //get user claims from AccessToken
            this.Context.User = user; //error User is read only
        }
    }
And using the Authorize attribute:
    public class VarDesignImportHub : BaseHub
    {
        [Authorize(Roles = "Admin")]
        public async Task Import(string ConnectionString)
        {
        }
    }
I strongly encourage you to continue doing authentication at the handshake level instead of going with a custom and non-standard solution you'd implement at the SignalR level.
Assuming you're using the validation handler, you can force it to retrieve the access token from the query string:
    public void ConfigureServices(IServiceCollection services)
    {
        services.AddAuthentication()
            .AddOAuthValidation(options =>
            {
                options.Events.OnRetrieveToken = context =>
                {
                    context.Token = context.Request.Query["access_token"];
                    return Task.CompletedTask;
                };
            });
    }
Or OnMessageReceived if you want to use JWTBearer:
    services.AddAuthentication()
        .AddJwtBearer(o =>
        {
            o.Events = new JwtBearerEvents()
            {
                OnMessageReceived = context =>
                {
                    if (context.Request.Path.ToString().StartsWith("/HUB/"))
                        context.Token = context.Request.Query["access_token"];
                    return Task.CompletedTask;
                },
            };
        });
No other change should be required.
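The handshake-level setup described in the answer, shown end to end as an added example (not code from the original answer): the query-string token is accepted only for hub requests, and the hub method then relies on [Authorize] alone. The /HUB prefix follows the answer's path check; HubTokenSetup, AddHubJwt and the token-validation settings being configured elsewhere are assumptions.

```csharp
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.SignalR;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.Primitives;

// Hypothetical helper class; the name is not from the original page.
public static class HubTokenSetup
{
    // Assumption: hubs are mapped under /HUB, as in the answer's path check.
    private static readonly PathString HubPrefix = new PathString("/HUB");

    public static void AddHubJwt(this IServiceCollection services)
    {
        // Assumption: authority, audience and signing keys are configured elsewhere.
        services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
            .AddJwtBearer(o =>
            {
                o.Events = new JwtBearerEvents
                {
                    OnMessageReceived = context =>
                    {
                        StringValues token = context.Request.Query["access_token"];
                        // Take the token from the query string only for hub requests;
                        // every other endpoint keeps using the Authorization header.
                        if (!StringValues.IsNullOrEmpty(token) &&
                            context.Request.Path.StartsWithSegments(HubPrefix))
                        {
                            context.Token = token;
                        }
                        return Task.CompletedTask;
                    }
                };
            });
    }
}

public class VarDesignImportHub : Hub
{
    // Checked against the principal built during the handshake,
    // so no AuthorizeWithJWT call is needed.
    [Authorize(Roles = "Admin")]
    public Task<string> Import(string connectionString)
    {
        // Context.User already carries the validated token's claims.
        return Task.FromResult(Context.User.Identity.Name);
    }
}
```

Tokens sent in the query string can end up in request logs, which is the reason to limit this path to hub requests.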