将SignalR添加到现有的IdentityServer4授权中 [英] Adding SignalR to existing IdentityServer4 Authorization

问题描述

我有一个Asp.Net核心2.2 IdentityServer4应用程序，其工作系统支持声明等.我向其添加SignalR，并希望使用[Authenitcation]标头并可以访问控制器具有的相同声明.

我已经找到了几篇有关将SignalR与IdentityServer4集成的文章，但是我无法确定与已经在做的事情有什么重叠，以及增加对SignalR的支持所必需的.我只需要通知IdentityServer特定的SignalR路由进行授权?

这是一篇详尽的文章，其中包含有关GitHub的广泛示例: https://mikebridge.github.io/articles/identityserver4-signalr/ https://github.com/mikebridge/IdentityServer4SignalR

解决方案

我最终重新处理了IdentityServer4的用法，以创建jwtbearer令牌并使用HybridAndClientCredentials，并且在我的Signalr会话启动事件中拾取了用户声明. /p>

将Hybrid Client添加到IdentityServer4:

        new Client
        {
            ClientId = "mvc",
            ClientName = "MVC Client",
            AllowedGrantTypes = GrantTypes.HybridAndClientCredentials,

            ClientSecrets = 
            {
                new Secret("secret".Sha256())
            },

            RedirectUris = { "http://localhost:5002/signin-oidc" },
            PostLogoutRedirectUris = { "http://localhost:5002/signout-callback-oidc" },

            AllowedScopes = 
            {
                IdentityServerConstants.StandardScopes.OpenId,
                IdentityServerConstants.StandardScopes.Profile,
                "api1"
            },
            AllowOfflineAccess = true
        }

，然后在mvc客户端上启动:

 ServiceCollection.AddAuthentication(options =>
            {
                options.DefaultScheme = "Cookies";
                options.DefaultChallengeScheme = "oidc";
            })
            .AddCookie("Cookies")
            .AddOpenIdConnect("oidc", options =>
            {
                options.SignInScheme = "Cookies";

                options.Authority = "https://localhost:5001";
                options.RequireHttpsMetadata = false;
                options.ClientSecret = "secret";
                options.ClientId = "mvc";

                options.ResponseType = "code id_token";
                options.SaveTokens = true;
                options.GetClaimsFromUserInfoEndpoint = true;

                options.Scope.Add("offline_access");
                options.Scope.Add("api1");
                options.ClaimActions.MapJsonKey("website", "website"); 
            });

这是根据以下示例建模的: Quickstart5_HybridAndApi

在服务器上的SignalR中:

        [Authorize]
        public class SignalRSignalHub : Hub
        {
            public override Task OnConnectedAsync()
            {
                var context = Context.GetHttpContext();
                return base.OnConnectedAsync();
            }
        }

I have an Asp.Net core 2.2 IdentityServer4 application with a working system supporting claims, etc. I'm adding SignalR to it and want to use the [Authenitcation] header and have access to the same claims my controllers have.

I've found a couple of articles on integrating SignalR with IdentityServer4, but I can't tell what is overlap with things I'm already doing and what's necessary to add support for SignalR. Do I just need to inform IdentityServer of the specific SignalR route to authorize?

Here's a thorough article with an extensive example on GitHub: https://mikebridge.github.io/articles/identityserver4-signalr/ https://github.com/mikebridge/IdentityServer4SignalR

解决方案

I ended up re-working my IdentityServer4 usage to create a jwtbearer token and use the HybridAndClientCredentials and the User claims were picked up in my signalr session start event.

Add Hybrid Client to IdentityServer4:

        new Client
        {
            ClientId = "mvc",
            ClientName = "MVC Client",
            AllowedGrantTypes = GrantTypes.HybridAndClientCredentials,

            ClientSecrets = 
            {
                new Secret("secret".Sha256())
            },

            RedirectUris = { "http://localhost:5002/signin-oidc" },
            PostLogoutRedirectUris = { "http://localhost:5002/signout-callback-oidc" },

            AllowedScopes = 
            {
                IdentityServerConstants.StandardScopes.OpenId,
                IdentityServerConstants.StandardScopes.Profile,
                "api1"
            },
            AllowOfflineAccess = true
        }

and then in startup on the mvc client:

 ServiceCollection.AddAuthentication(options =>
            {
                options.DefaultScheme = "Cookies";
                options.DefaultChallengeScheme = "oidc";
            })
            .AddCookie("Cookies")
            .AddOpenIdConnect("oidc", options =>
            {
                options.SignInScheme = "Cookies";

                options.Authority = "https://localhost:5001";
                options.RequireHttpsMetadata = false;
                options.ClientSecret = "secret";
                options.ClientId = "mvc";

                options.ResponseType = "code id_token";
                options.SaveTokens = true;
                options.GetClaimsFromUserInfoEndpoint = true;

                options.Scope.Add("offline_access");
                options.Scope.Add("api1");
                options.ClaimActions.MapJsonKey("website", "website"); 
            });

This is modeled after the example: Quickstart5_HybridAndApi

In SignalR on server:

        [Authorize]
        public class SignalRSignalHub : Hub
        {
            public override Task OnConnectedAsync()
            {
                var context = Context.GetHttpContext();
                return base.OnConnectedAsync();
            }
        }

这篇关于将SignalR添加到现有的IdentityServer4授权中的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！