如何使客户端signalr避免形式的认证？ [英] How to make the signalr client avoid form authentication?

问题描述

我的MVC网站有权在web.config中一个形式的授权。
现在所有的页需要通过授权，以便它们可以viewd

但现在我有一个控制台PROGRAME（C＃控制台程序）。这PROGRAME需要发送一些信息给
SignalR枢纽。
但我signalR中心是在我的MVC的网站，现在这个C＃控制台客户端无法发送消息到信号中心，
因为我的MVC网站有形式的授权。

我希望控制台客户端不需要进行验证，但在网站的页面需要核实。

我能做些什么与该网站的web.config文件???

 ＆LT;位置路径=signalr /发送＆GT;
    ＆LT;＆的System.Web GT;
      ＆LT;授权＆GT;
        ＆LT;让用户=*/＆GT;
      ＆LT; /授权＆GT;
    ＆LT; /system.web>
  ＆LT; /地点＆gt;
  ＆LT;位置路径=首页/ PAGEONE＆GT;
    ＆LT;＆的System.Web GT;
      ＆LT;授权＆GT;
        ＆LT;让用户=*/＆GT;
      ＆LT; /授权＆GT;
    ＆LT; /system.web>
  ＆LT; /地点＆gt;
  ＆LT;＆的System.Web GT;
    ＆LT;身份验证模式=表格＆GT;
      ＆LT;形式loginUrl =〜/帐号/登录超时=2880/＆GT;
    ＆LT; /认证＆GT;
    ＆LT;授权＆GT;
      ＆LT;拒绝用户= /＆gt的帮助？
      ＆LT;让用户=*/＆GT;
    ＆LT; /授权＆GT;  - ＆GT;
＆LT; /system.web>
 

这样，我只能让PAGEONE不需要验证，但它不工作了signalR客户端程序

有我的web.config文件

 ＆LT;？XML版本=1.0编码=UTF-8＆GT？;
＆LT;！ - 
  有关如何配置ASP.NET应用程序的更多信息，请访问：
  http://go.microsoft.com/fwlink/?LinkId=301880
   - ＆GT;
＆LT;结构＆gt;
  ＆LT;＆的appSettings GT;    ＆LT;添加键=网页：版本值=3.0.0.0/＆GT;
    ＆LT;添加键=网页：启用VALUE =FALSE/＆GT;
    ＆LT;添加键=ClientValidationEnabledVALUE =真/＆GT;
    ＆LT;添加键=UnobtrusiveJavaScriptEnabledVALUE =真/＆GT;
  ＆LT; /的appSettings＆GT;  ＆LT;位置路径=首页/ INDEX3＆GT;＆LT;！ - 这种方式工作，我可以让INDEX3页面可能没有认证被视为 - ＆GT;
    ＆LT;＆的System.Web GT;
      ＆LT;授权＆GT;
        ＆LT;让用户=*/＆GT;
      ＆LT; /授权＆GT;
    ＆LT; /system.web>
  ＆LT; /地点＆gt;
  ＆LT;位置路径=signalr /发送＆GT; ＆LT;！ - 此网址由Request.Url.AbsoluteUrl轮毂类了，但这种方式是行不通的 - ＆GT;
    ＆LT;＆的System.Web GT;
      ＆LT;授权＆GT;
        ＆LT;让用户=*/＆GT;
      ＆LT; /授权＆GT;
    ＆LT; /system.web>
  ＆LT; /地点＆gt;
   ＆LT;位置路径=refreshhub / senditems＆GT; ＆所述;！ - 我的毂被命名为RefreshHub和撤销客户机是senditems的方法，但这种配置是不工作或者 - ＆GT;
    ＆LT;＆的System.Web GT;
      ＆LT;授权＆GT;
        ＆LT;让用户=*/＆GT;
      ＆LT; /授权＆GT;
    ＆LT; /system.web>
  ＆LT; /地点＆gt;
  ＆LT;＆的System.Web GT;
    ＆LT;编译调试=真targetFramework =4.5/＆GT;
    ＆LT;身份验证模式=表格＆GT; ＆LT;！ - 我把我所有的网站页面表单验证 - ＆GT;
      ＆LT;形式loginUrl =〜/帐号/登录超时=2880/＆GT;
    ＆LT; /认证＆GT;
    ＆LT;授权＆GT;
       ＆LT;拒绝用户= /＆gt的帮助？
      ＆LT;让用户=*/＆GT;
    ＆LT; /授权＆GT;
    ＆LT;的httpRuntime targetFramework =4.5/＆GT;
  ＆LT; /system.web>
  ＆LT;＆运行GT;
    ＆LT; assemblyBinding的xmlns =瓮：架构 - 微软COM：asm.v1＆GT;
      ＆LT; dependentAssembly＆GT;
        ＆LT; assemblyIdentity名称=Newtonsoft.Json文化=中性公钥=30ad4fe6b2a6aeed/＆GT;
        ＆LT; bindingRedirect oldVersion =0.0.0.0-6.0.0.0NEWVERSION =6.0.0.0/＆GT;
      ＆LT; / dependentAssembly＆GT;
      ＆LT; dependentAssembly＆GT;
        ＆LT; assemblyIdentity名称=System.Web.Optimization公钥=31bf3856ad364e35/＆GT;
        ＆LT; bindingRedirect oldVersion =1.0.0.0-1.1.0.0NEWVERSION =1.1.0.0/＆GT;
      ＆LT; / dependentAssembly＆GT;
      ＆LT; dependentAssembly＆GT;
        ＆LT; assemblyIdentity名称=WebGrease公钥=31bf3856ad364e35/＆GT;
        ＆LT; bindingRedirect oldVersion =0.0.0.0-1.5.2.14234NEWVERSION =1.5.2.14234/＆GT;
      ＆LT; / dependentAssembly＆GT;
      ＆LT; dependentAssembly＆GT;
        ＆LT; assemblyIdentity名称=System.Web.Helpers公钥=31bf3856ad364e35/＆GT;
        ＆LT; bindingRedirect oldVersion =1.0.0.0-3.0.0.0NEWVERSION =3.0.0.0/＆GT;
      ＆LT; / dependentAssembly＆GT;
      ＆LT; dependentAssembly＆GT;
        ＆LT; assemblyIdentity名称=System.Web.WebPages公钥=31bf3856ad364e35/＆GT;
        ＆LT; bindingRedirect oldVersion =1.0.0.0-3.0.0.0NEWVERSION =3.0.0.0/＆GT;
      ＆LT; / dependentAssembly＆GT;
      ＆LT; dependentAssembly＆GT;
        ＆LT; assemblyIdentity名称=System.Web.Mvc公钥=31bf3856ad364e35/＆GT;
        ＆LT; bindingRedirect oldVersion =1.0.0.0-5.2.0.0NEWVERSION =5.2.0.0/＆GT;
      ＆LT; / dependentAssembly＆GT;
    ＆LT; / assemblyBinding＆GT;
  ＆LT; /运行＆GT;
  ＆LT; system.webServer＆GT;
    ＆LT;＆处理GT;
      ＆LT;清除NAME =ExtensionlessUrlHandler  - 集成 -  4.0/＆GT;
      ＆LT;清除NAME =OPTIONSVerbHandler/＆GT;
      ＆LT;清除NAME =TRACEVerbHandler/＆GT;
      ＆LT;添加名称=ExtensionlessUrlHandler  - 集成 -  4.0PATH =*。动词=*类型=System.Web.Handlers.TransferRequestHandlerpreCondition =integratedMode，runtimeVersionv4.0/＆GT;
    ＆LT; /处理器＆GT;
  ＆LT; /system.webServer>
＆LT; /结构＆gt;
 

解决方案

 ＆LT;拒绝用户= /＆gt的帮助？
＆LT;让用户=*/＆GT;
 

您拒绝匿名用户（只允许通过验证的用户），然后让每一个人。
一旦匿名用户被拒绝访问，也不会看到让用户的下一行。允许规则应该是第一位的。

编辑：
我假设你signalR枢纽，refreshhub，是根。然后前pression将是：

 ＆LT;位置路径=refreshhub.vb＆GT; （或LT;位置路径=refreshhub.cs＆GT;）
 

如果轮毂是在某些文件夹MyFolder的说，然后前pression将是：

 ＆LT;位置路径=MyFolder中/ refreshhub.vb＆GT;
 

位置路径是一种资源，如网页，图片，文件夹等，并没有方法（据我所知）。

有关使用授权与枢纽具体方法请参阅
http://www.asp.net/signalr/overview/security/hub-authorization

My MVC Website has a form authorization in web.config. Now all the page need to pass the authorization,so that they can be viewd.

But Now I have a console programe(C# console program).this programe need to send some message to SignalR Hub. But My signalR Hub is in my MVC Website,Now this C# console client can't send message to Signal Hub, Because My MVC Website has Form Authorization.

I want the console client doesn't need to be verified,but the pages in website need to be verified.

What Can I do with the website's web.config file???

<location path="signalr/send" >
    <system.web>
      <authorization>
        <allow users="*"/>
      </authorization>
    </system.web>
  </location>
  <location path="Home/pageone" >
    <system.web>
      <authorization>
        <allow users="*"/>
      </authorization>
    </system.web>
  </location>
  <system.web>
    <authentication mode="Forms">
      <forms loginUrl="~/Account/LogOn" timeout="2880" />
    </authentication>
    <authorization>
      <deny users="?"/>
      <allow users="*"/>
    </authorization>-->
</system.web>

this way,I can only make the pageone not need verify,but it's not worked for signalR client program

there are my web.config file

<?xml version="1.0" encoding="utf-8"?>
<!--
  For more information on how to configure your ASP.NET application, please visit
  http://go.microsoft.com/fwlink/?LinkId=301880
  -->
<configuration>


  <appSettings>

    <add key="webpages:Version" value="3.0.0.0" />
    <add key="webpages:Enabled" value="false" />
    <add key="ClientValidationEnabled" value="true" />
    <add key="UnobtrusiveJavaScriptEnabled" value="true" />
  </appSettings>

  <location path="Home/Index3" ><!--this way is working ,I can make the index3 page could be viewed with no authentication-->
    <system.web>
      <authorization>
        <allow users="*"/>
      </authorization>
    </system.web>
  </location>
  <location path="signalr/send" >  <!--this url is got by Request.Url.AbsoluteUrl  in the hub class,but this way is not working-->
    <system.web>
      <authorization>
        <allow users="*"/>
      </authorization>
    </system.web>
  </location>
   <location path="refreshhub/senditems" >  <!--my hub is named as "RefreshHub" and the method the client revoked is "senditems",  but this configuration is not working either-->
    <system.web>
      <authorization>
        <allow users="*"/>
      </authorization>
    </system.web>
  </location>
  <system.web>
    <compilation debug="true" targetFramework="4.5" />
    <authentication mode="Forms">  <!--I give my website all page Form authentication-->
      <forms loginUrl="~/Account/LogOn" timeout="2880" />
    </authentication>
    <authorization>
       <deny users="?"/>
      <allow users="*"/>
    </authorization>
    <httpRuntime targetFramework="4.5" />
  </system.web>
  <runtime>
    <assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">
      <dependentAssembly>
        <assemblyIdentity name="Newtonsoft.Json" culture="neutral" publicKeyToken="30ad4fe6b2a6aeed" />
        <bindingRedirect oldVersion="0.0.0.0-6.0.0.0" newVersion="6.0.0.0" />
      </dependentAssembly>
      <dependentAssembly>
        <assemblyIdentity name="System.Web.Optimization" publicKeyToken="31bf3856ad364e35" />
        <bindingRedirect oldVersion="1.0.0.0-1.1.0.0" newVersion="1.1.0.0" />
      </dependentAssembly>
      <dependentAssembly>
        <assemblyIdentity name="WebGrease" publicKeyToken="31bf3856ad364e35" />
        <bindingRedirect oldVersion="0.0.0.0-1.5.2.14234" newVersion="1.5.2.14234" />
      </dependentAssembly>
      <dependentAssembly>
        <assemblyIdentity name="System.Web.Helpers" publicKeyToken="31bf3856ad364e35" />
        <bindingRedirect oldVersion="1.0.0.0-3.0.0.0" newVersion="3.0.0.0" />
      </dependentAssembly>
      <dependentAssembly>
        <assemblyIdentity name="System.Web.WebPages" publicKeyToken="31bf3856ad364e35" />
        <bindingRedirect oldVersion="1.0.0.0-3.0.0.0" newVersion="3.0.0.0" />
      </dependentAssembly>
      <dependentAssembly>
        <assemblyIdentity name="System.Web.Mvc" publicKeyToken="31bf3856ad364e35" />
        <bindingRedirect oldVersion="1.0.0.0-5.2.0.0" newVersion="5.2.0.0" />
      </dependentAssembly>
    </assemblyBinding>
  </runtime>
  <system.webServer>
    <handlers>
      <remove name="ExtensionlessUrlHandler-Integrated-4.0" />
      <remove name="OPTIONSVerbHandler" />
      <remove name="TRACEVerbHandler" />
      <add name="ExtensionlessUrlHandler-Integrated-4.0" path="*." verb="*" type="System.Web.Handlers.TransferRequestHandler" preCondition="integratedMode,runtimeVersionv4.0" />
    </handlers>
  </system.webServer>
</configuration>

解决方案

<deny users="?"/>
<allow users="*"/>

You are denying anonymous users, (allowing only authenticated users), and then allowing every one. Once an anonymous user is denied access, it will not see the next line of allow user. allow rule should come first.

Edited: I assume that your signalR hub , refreshhub, is in root. Then expression would be:

<location path="refreshhub.vb " > (or  <location path="refreshhub.cs">)

If the hub is in some folder say myfolder, then expression would be :

 <location path="myfolder/refreshhub.vb" >

Location path is a resource such as page, image, folder etc. and not method (as far as I know).

For using authorization with specific methods in hub please see http://www.asp.net/signalr/overview/security/hub-authorization

这篇关于如何使客户端signalr避免形式的认证？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！