将SignalR添加到现有的IdentityServer4授权中 [英] Adding SignalR to existing IdentityServer4 Authorization
问题描述
我有一个Asp.Net核心2.2 IdentityServer4应用程序,其工作系统支持声明等.我向其添加SignalR,并希望使用[Authenitcation]标头并可以访问控制器具有的相同声明.
我已经找到了几篇有关将SignalR与IdentityServer4集成的文章,但是我无法确定与已经在做的事情有什么重叠,以及增加对SignalR的支持所必需的.我只需要通知IdentityServer特定的SignalR路由进行授权?
这是一篇详尽的文章,其中包含有关GitHub的广泛示例: https://mikebridge.github.io/articles/identityserver4-signalr/ https://github.com/mikebridge/IdentityServer4SignalR
我最终重新处理了IdentityServer4的用法,以创建jwtbearer令牌并使用HybridAndClientCredentials,并且在我的Signalr会话启动事件中拾取了用户声明. /p>
将Hybrid Client添加到IdentityServer4:
new Client
{
ClientId = "mvc",
ClientName = "MVC Client",
AllowedGrantTypes = GrantTypes.HybridAndClientCredentials,
ClientSecrets =
{
new Secret("secret".Sha256())
},
RedirectUris = { "http://localhost:5002/signin-oidc" },
PostLogoutRedirectUris = { "http://localhost:5002/signout-callback-oidc" },
AllowedScopes =
{
IdentityServerConstants.StandardScopes.OpenId,
IdentityServerConstants.StandardScopes.Profile,
"api1"
},
AllowOfflineAccess = true
}
,然后在mvc客户端上启动:
ServiceCollection.AddAuthentication(options =>
{
options.DefaultScheme = "Cookies";
options.DefaultChallengeScheme = "oidc";
})
.AddCookie("Cookies")
.AddOpenIdConnect("oidc", options =>
{
options.SignInScheme = "Cookies";
options.Authority = "https://localhost:5001";
options.RequireHttpsMetadata = false;
options.ClientSecret = "secret";
options.ClientId = "mvc";
options.ResponseType = "code id_token";
options.SaveTokens = true;
options.GetClaimsFromUserInfoEndpoint = true;
options.Scope.Add("offline_access");
options.Scope.Add("api1");
options.ClaimActions.MapJsonKey("website", "website");
});
这是根据以下示例建模的: Quickstart5_HybridAndApi
在服务器上的SignalR中:
[Authorize]
public class SignalRSignalHub : Hub
{
public override Task OnConnectedAsync()
{
var context = Context.GetHttpContext();
return base.OnConnectedAsync();
}
}
I have an Asp.Net core 2.2 IdentityServer4 application with a working system supporting claims, etc. I'm adding SignalR to it and want to use the [Authenitcation] header and have access to the same claims my controllers have.
I've found a couple of articles on integrating SignalR with IdentityServer4, but I can't tell what is overlap with things I'm already doing and what's necessary to add support for SignalR. Do I just need to inform IdentityServer of the specific SignalR route to authorize?
Here's a thorough article with an extensive example on GitHub: https://mikebridge.github.io/articles/identityserver4-signalr/ https://github.com/mikebridge/IdentityServer4SignalR
I ended up re-working my IdentityServer4 usage to create a jwtbearer token and use the HybridAndClientCredentials and the User claims were picked up in my signalr session start event.
Add Hybrid Client to IdentityServer4:
new Client
{
ClientId = "mvc",
ClientName = "MVC Client",
AllowedGrantTypes = GrantTypes.HybridAndClientCredentials,
ClientSecrets =
{
new Secret("secret".Sha256())
},
RedirectUris = { "http://localhost:5002/signin-oidc" },
PostLogoutRedirectUris = { "http://localhost:5002/signout-callback-oidc" },
AllowedScopes =
{
IdentityServerConstants.StandardScopes.OpenId,
IdentityServerConstants.StandardScopes.Profile,
"api1"
},
AllowOfflineAccess = true
}
and then in startup on the mvc client:
ServiceCollection.AddAuthentication(options =>
{
options.DefaultScheme = "Cookies";
options.DefaultChallengeScheme = "oidc";
})
.AddCookie("Cookies")
.AddOpenIdConnect("oidc", options =>
{
options.SignInScheme = "Cookies";
options.Authority = "https://localhost:5001";
options.RequireHttpsMetadata = false;
options.ClientSecret = "secret";
options.ClientId = "mvc";
options.ResponseType = "code id_token";
options.SaveTokens = true;
options.GetClaimsFromUserInfoEndpoint = true;
options.Scope.Add("offline_access");
options.Scope.Add("api1");
options.ClaimActions.MapJsonKey("website", "website");
});
This is modeled after the example: Quickstart5_HybridAndApi
In SignalR on server:
[Authorize]
public class SignalRSignalHub : Hub
{
public override Task OnConnectedAsync()
{
var context = Context.GetHttpContext();
return base.OnConnectedAsync();
}
}
这篇关于将SignalR添加到现有的IdentityServer4授权中的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!