SignalR：如何强制认证/终止枢纽连接服务器端 [英] SignalR: how to enforce authentication/terminate hub connections server side

问题描述

此问题是关系到另一个线程，你可以在这里阅读：与SignalR Forms身份验证在那里我与用户的帮助和耐心尝试 dfowler 以了解如何执行ASP形式窗体.NET上SignalR中心认证

问题描述：我想只有经过身份验证的用户可以连接SignalR枢纽和接收/发送消息

入侵情形：入侵者可以潜在地捕获/访问网页的HTML和Javascript角访问的客户端计算机上的临时文件。因此，该入侵者就可以知道所有的细节（方法，集线器名等）来设置/使用集线器的连接需要。
从dfowler提议的解决方案是<一个href=\"http://stackoverflow.com/questions/11488461/forms-authentication-with-signalr/11519916#comment16235850_11519916\">implementing IConnect的：

  

您将实施IConnected和连接编写以下code。如果（Context.User.Identity.IsAuthenticated！）抛出新的异常（GTFO）;

所以我试着像这样

 公共System.Threading.Tasks.Task连接（）
    {
        如果（！Context.User.Identity.IsAuthenticated
            || ！（Context.User.IsInRole（role1上）|| Context.User.IsInRole（role2所）
            ））
            抛出新的异常（用户未授权）;
        返回null;
    }
 

问题，测试一次，是被称为Connect方法时，连接已被建立和滑动抛出异常不会帮助（如果我如果适当INFACT连接应该被用来发送消息到客户端在连接，抛出一个异常，只是在欢迎信息产生的不发送）。

在的事实，从我的测试，客户端仍可以读取所有的消息（也给他们）。

现在，它来到我的脑海方式：

1. 完美解决：拒绝或终止对服务器端的连接：不知道如何在SignalR做到这一点（我试图找到在的 API 但没有运气）


2. 检查，如果用户是一组，以避免接收/发送消息给他的一部分（但这仍然容易出现水浸/ DOS攻击）


3. 发送消息给客户端断开连接。显然不万一我战斗入侵者帮助

任何其他的方法呢？任何方式终止服务器端的连接，或者应该被接受，真正的验证是在主网页（离开开门给所有的客户端signalR攻击？）

之一

修改

下面是客户端的序列 - 服务器的通信，当我使用 IConnect.Connect 方法无条件地抛出异常（IE9浏览器）：

它看起来像foreverFrame失败，但longPolling后备正在建立和作品无论如何 - 由块扔在捕获的JavaScript错误后，该

 如果（connection.state === signalR.connectionState.connecting）{
            //连接尚未开始呢
            扔SignalR：连接尚未完全初始化。
    使用。开始（）（）完成或。开始（）。失败后（）来运行逻辑
    连接已启动。
        }
 

解决方案

我们有一个问题，我们需要允许完全阻止连接。现在你必须保卫每一个方法。这不是最干净的，但对于1.0 ALPHA1，我们还会有一些机制来这样做。

一个额外的问题是，它是所有集线器相同的连接，所以你不能拒绝一个特定枢纽的连接。

修改

其实，如果你扔至于我的测试去它终止连接。你看到的是什么行为？

This question is related to another thread, you can read here: Forms authentication with SignalR where I tried with the help and patience of the user dfowler to understand how enforce forms ASP .NET Forms Authentication on a SignalR Hub.

Description of the problem: I want that only authenticated users can connect the SignalR Hub and receive/send messages.

Intrusion scenario: the intruder can potentially capture/access the HTML and Javascripts of the web page accessing the temporary files on a client computer. This intruder can therefore know all the details (methods, hub names etc) required to set up/use a connection to the Hub. A proposed solution from dfowler is implementing IConnect:

You would implement IConnected and write the following code in Connect if(!Context.User.Identity.IsAuthenticated) throw new Exception("GTFO");

Therefore I tried with something like this

  public System.Threading.Tasks.Task Connect()
    {
        if (!Context.User.Identity.IsAuthenticated
            || !(Context.User.IsInRole("role1") || Context.User.IsInRole("role2")
            ))
            throw new Exception("User not authorized");
        return null;
    }

The problem, once tested, is that when the Connect method is being called, the connection has been already established and plain throwing the exception will not help (if I got if properly infact Connect should be used to send a message to the client at connection, throwing an exception will just yield in a welcome message not sent).

In facts, from my tests, the clients can still read all the messages (and also send them).

Now, approaches which come to my mind:

1. Perfect solution: reject or terminate the connection on server side: no clue how to do this in SignalR (I tried to find a method in the API but no luck)
2. check if the user is part of a group to avoid receiving/sending messages to him (but this is still prone to flooding/DOS attacks)
3. Sending a message to the client to disconnect: obviously does not help in case I am fighting an intruder.

Any other approach? Any way to terminate the connection on server side or should be accepted that the only real authentication is the one of the host webpage (leaving open the door to all the signalR client attacks?)

EDIT

Here is the sequence of client - server communication when I use the IConnect.Connect method throwing unconditionally an exception (browser IE9):

It looks like the foreverFrame fails but the longPolling fallback is being established and works anyway - this after throwing the error captured in the Javascript by the block

 if (connection.state === signalR.connectionState.connecting) {
            // Connection hasn't been started yet
            throw "SignalR: Connection has not been fully initialized. 
    Use .start().done() or .start().fail() to run logic after 
    the connection has started.";
        }

解决方案

We have an issue where we need to allow blocking the connection altogether. Right now you'll have to guard each method. It's not the cleanest but for 1.0 alpha1 we'll have some mechanism for doing this.

One additional problem is that it's the same connection for all hubs so you can't reject a connection for a specific hub.

EDIT

Actually if you throw it does end the connection as far as my testing goes. What behavior are you seeing?

这篇关于SignalR：如何强制认证/终止枢纽连接服务器端的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！