如何使用JWT授权SignalR Core Hub方法 [英] How to authorize SignalR Core Hub method with JWT

问题描述

我在带有OpenIddict的ASP.NET Core 2.0应用程序中使用JWT身份验证.

我正在此线程中遵循想法，并在SignalR之后调用AuthorizeWithJWT方法握手.但是现在，我不知道应该在AuthorizeWithJWT方法中设置什么，以便可以使用[Authorize(Roles="Admin")]为例.

我尝试设置上下文用户，但它是只读的:

public class BaseHub : Hub
{    
    public async Task AuthorizeWithJWT(string AccessToken)
    {
        //get user claims from AccesToken
        this.Context.User = user;  //error User is read only
    }
}

并使用authorize属性:

public class VarDesignImportHub : BaseHub
{
    [Authorize(Roles = "Admin")]
    public async Task Import(string ConnectionString)
    {
    }
}

解决方案

我强烈建议您继续在握手级别进行身份验证，而不要使用您将在SignalR级别实现的自定义和非标准解决方案. /p>

假设您正在使用验证处理程序，则可以强制其从查询字符串中检索访问令牌:

public void ConfigureServices(IServiceCollection services)
{
    services.AddAuthentication()
        .AddOAuthValidation(options =>
        {
            options.Events.OnRetrieveToken = context =>
            {
                context.Token = context.Request.Query["access_token"];

                return Task.CompletedTask;
            };
        });
}

或OnMessageReceived(如果要使用JWTBearer):

services.AddAuthentication()
    .AddJwtBearer(o =>
    {
        o.Events = new JwtBearerEvents()
        {
            OnMessageReceived = context =>
            {
                if (context.Request.Path.ToString().StartsWith("/HUB/"))
                    context.Token = context.Request.Query["access_token"];
                return Task.CompletedTask;
            },
        };
    });

不需要其他更改.

I am using JWT authentication in my ASP.NET Core 2.0 application with OpenIddict.

I am following idea in this thread and calling AuthorizeWithJWT method after SignalR handshake. But now, I do not know what should I set in AuthorizeWithJWT method so I can use [Authorize(Roles="Admin")] for example.

I tried with setting context user, but it is readonly:

public class BaseHub : Hub
{    
    public async Task AuthorizeWithJWT(string AccessToken)
    {
        //get user claims from AccesToken
        this.Context.User = user;  //error User is read only
    }
}

And using authorize attribute:

public class VarDesignImportHub : BaseHub
{
    [Authorize(Roles = "Admin")]
    public async Task Import(string ConnectionString)
    {
    }
}

解决方案

I strongly encourage you to continue doing authentication at the handshake level instead of going with a custom and non-standard solution you'd implement at the SignalR level.

Assuming you're using the validation handler, you can force it to retrieve the access token from the query string:

public void ConfigureServices(IServiceCollection services)
{
    services.AddAuthentication()
        .AddOAuthValidation(options =>
        {
            options.Events.OnRetrieveToken = context =>
            {
                context.Token = context.Request.Query["access_token"];

                return Task.CompletedTask;
            };
        });
}

Or OnMessageReceived if you want to use JWTBearer:

services.AddAuthentication()
    .AddJwtBearer(o =>
    {
        o.Events = new JwtBearerEvents()
        {
            OnMessageReceived = context =>
            {
                if (context.Request.Path.ToString().StartsWith("/HUB/"))
                    context.Token = context.Request.Query["access_token"];
                return Task.CompletedTask;
            },
        };
    });

No other change should be required.

这篇关于如何使用JWT授权SignalR Core Hub方法的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！