Question

我通过跟随Startup.cs类

中的代码在Web Api中映射signalR

public void Configuration(IAppBuilder app)
    {

        ConfigureAuth(app);
        app.Map("/signalr", map =>
        {
            map.UseCors(CorsOptions.AllowAll);
            var hubConfiguration = new HubConfiguration
            {
                EnableDetailedErrors= true,
                EnableJSONP=true
            };
            map.RunSignalR(hubConfiguration);
        });
    }

与此同时，我通过以下代码

在Web Api中使用了承载令牌认证和cookie认证

app.UseCookieAuthentication(new CookieAuthenticationOptions
        {
            AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
            LoginPath = new PathString("/Account/Login"),
            AuthenticationMode = AuthenticationMode.Active,
            CookieHttpOnly = true,
            CookieSecure = CookieSecureOption.SameAsRequest,
            CookiePath = "/",
            CookieDomain = "xxxx.cloudapp.net",
        });
        app.UseExternalSignInCookie(DefaultAuthenticationTypes.ExternalCookie);

        PublicClientId = "self";
        OAuthOptions = new OAuthAuthorizationServerOptions
        {
            TokenEndpointPath = new PathString("/Token"),
            Provider = new ApplicationOAuthProvider(PublicClientId),
            AuthorizeEndpointPath = new PathString("/api/Account/ExternalLogin"),
            AccessTokenExpireTimeSpan = TimeSpan.FromDays(14),
            AllowInsecureHttp = true,
        };

        app.UseOAuthBearerTokens(OAuthOptions);
        app.UseOAuthBearerAuthentication(new OAuthBearerAuthenticationOptions()
        {
            Provider = new QueryStringOAuthBearerProvider("Token")
        });

Web Api位于不同的域上，因此我通过以下代码启用了Cors for Api调用

public static void Register(HttpConfiguration config)
    {
        var cors = new    EnableCorsAttribute("http://localhost:8080,http://www.myweb.com,http://myweb.com", "*", "*");
        cors.SupportsCredentials = true;
        config.EnableCors(cors);   
     ......
     ......
     }

现在，从客户端连接时，我在控制台

中收到以下错误

这是我对应于websocket握手的响应

请指导。

Answer 1

我知道这是一个老问题，但我遇到了同样的问题，所以如果有其他人偶然发现它将来的参考......

不知何故：

CookieSecure = CookieSecureOption.SameAsRequest,

是问题所在。它不应该工作（不知道为什么）......

这是我的cookie配置：

            builder.Register(ctx => new CookieAuthenticationOptions
            {
                AuthenticationMode = AuthenticationMode.Active,
                AuthenticationType = CookieAuthenticationDefaults.AuthenticationType,
                CookieName = "xxx",
                CookieHttpOnly = false, // Kako bi mu mogli pristupiti iz Javascripta
                ExpireTimeSpan = TimeSpan.FromDays(1),
                LoginPath = PathString.Empty,
                LogoutPath = PathString.Empty,
                SlidingExpiration = true,
#if DEBUG
                CookieSecure = CookieSecureOption.SameAsRequest,
#else
                CookieSecure = CookieSecureOption.Always,
#endif
                CookieDomain = "localhost"
            });

这是我的令牌配置

            builder.Register(ctx => new OAuthAuthorizationServerOptions
            {
                AuthorizeEndpointPath = new PathString("/api/authorize"),
                TokenEndpointPath = new PathString("/api/token"),
                ApplicationCanDisplayErrors = true,
                Provider = ctx.Resolve<ApplicationOAuthProvider>(),
                //RefreshTokenProvider = ctx.Resolve<ApplicationRefreshTokenProvider>(),
                AccessTokenExpireTimeSpan = TimeSpan.FromDays(1),
#if DEBUG
                AllowInsecureHttp = true
#endif
            });

在HTTPS localhost上托管我的应用程序后，它自动生效。为什么？还是不知道：P

在websocket传输握手上的SignalR 403状态代码

1 个答案: