SignalR Authorize属性不适用于cookie身份验证

时间:2017-03-07 16:53:46

标签: asp.net-core signalr .net-core

我正在使用AspNetCore和cookie中间件进行身份验证,我这样设置...... 

app.UseCookieAuthentication(new CookieAuthenticationOptions
{
    AuthenticationScheme = Constants.AuthenticationScheme,
    AutomaticAuthenticate = true,
    AutomaticChallenge = true,
    LoginPath = new PathString("/")
});

我使用登录表单成功验证,然后重定向到标有[授权]属性的控制器。

控制器然后加载一个页面,其中包含连接到集线器的javascript signalR客户端。

但是当我添加signalR [Authorize]属性时。我从服务器上获得了401 Unauthorized。

如何让signalR识别身份验证cookie?我可以看到它已经在Context.RequestCookies中传递了cookie。

如果我不能手动解密cookie并自己设置用户?

1 个答案:

答案 0 :(得分:1)

我设法通过自己解密cookie来解决这个问题,但是我会对更好的方式感兴趣。

我在此Question

的帮助下创建了一个帮助程序类,用于生成身份验证票证格式 
public static class SecurityHelper
{
    /// <summary>
    /// Gets the format for the security cookie used to encrypt and decrpyt cookie
    /// </summary>
    /// <param name="services">The app service provider</param>
    /// <returns>The authentication ticket format</returns>
    public static ISecureDataFormat<AuthenticationTicket> GetTicketFormat(IServiceProvider services)
    {
        var authenticationType = "Cookies";
        var protectionProvider = services.GetRequiredService<IDataProtectionProvider>();
        var dataProtector = protectionProvider.CreateProtector("Microsoft.AspNetCore.Authentication.Cookies.CookieAuthenticationMiddleware", authenticationType, "v2");
        return new TicketDataFormat(dataProtector);
    }
}

告诉cookie中间件在我的startup.cs类中使用这种票证格式...... 

app.UseCookieAuthentication(new CookieAuthenticationOptions
{
            AuthenticationScheme = "Cookies",
            AutomaticAuthenticate = true,
            AutomaticChallenge = true,
            LoginPath = new PathString("/"),
            TicketDataFormat = SecurityHelper.GetTicketFormat(app.ApplicationServices)
});

然后在this文章的帮助下创建了我自己的signalr身份验证属性来解密cookie并设置用户主体。

/// <summary>
/// Attribute to have signalr hubs authenticate
/// </summary>
[AttributeUsage(AttributeTargets.Class, Inherited = false, AllowMultiple = false)]
public class AuthorizeHubUsersAttribute :  AuthorizeAttribute
{
    /// <summary>
    /// Decrpyt the authentication cookie and set the user principal
    /// </summary>
    /// <param name="hubDescriptor">The hub descriptor</param>
    /// <param name="request">The request object</param>
    /// <returns>If the user is aythenticated</returns>
    public override bool AuthorizeHubConnection(HubDescriptor hubDescriptor, HttpRequest request)
    {
        var cookie = request.Cookies[".AspNetCore.Cookies"];
        var ticketFormat = SecurityHelper.GetTicketFormat(request.HttpContext.RequestServices);
        var authenticationTicket = ticketFormat.Unprotect(cookie);
        request.HttpContext.User = authenticationTicket.Principal; 

        return base.AuthorizeHubConnection(hubDescriptor, request);
    }

    /// <summary>
    /// Check the user is authenticated
    /// </summary>
    /// <param name="user">The user principal</param>
    /// <returns>If the user is aythenticated</returns>
    protected override bool UserAuthorized(IPrincipal user)
    {
        if (user?.Identity == null)
        {
            return false;
        }
        return user.Identity.IsAuthenticated;
    }
}

然后我所要做的就是用属性

装饰我的hub类 
[AuthorizeHubUsersAttribute()]
public class GameMessageHub : Hub<IGameMessageHub> {
 ....
}

我找不到将依赖项注入signalr属性的方法,但是如果有人想出来我想知道。

相关问题
最新问题