在我的Web API 2项目中,我有基于JWT的身份验证。配置是
var config = new HttpConfiguration();
app.UseJwtBearerAuthentication(new JwtBearerAuthenticationOptions {/**/});
config.Filters.Add(new MyAuthenticationFilter());
app.UseWebApi(config);
app.UseCors(CorsOptions.AllowAll);
app.MapSignalR();
MyAuthenticationFilter
根据传入的JWT构建自定义主体,并将其附加到请求,以便在我的控制器操作中,我可以将其作为this.User
访问。除了SignalR请求忽略过滤器外,一切正常:
public class MyHub : Hub {
public override Task OnConnected() {
// here Context.User is ClaimsPrincipal which contain a JWT from Authorization header
// I expect it to be MyCustomPrincipal
return base.OnConnected();
}
}
为什么忽略IAuthenticationFiltter
?我该如何解决这个问题?
答案 0 :(得分:1)
你不能在带有signalR的标题上使用jwt。在qs中发送jwt(查询字符串)并在下面的代码api上添加一些自定义。
<强> App_Start / Startup.Auth.cs 强>
public void ConfigureAuth(IAppBuilder app)
{
// SignalR Auth0 custom configuration.
app.UseOAuthBearerAuthentication(new OAuthBearerAuthenticationOptions()
{
Provider = new OAuthBearerAuthenticationProvider()
{
OnRequestToken = context =>
{
if (context.Request.Path.Value.StartsWith("/signalr"))
{
string bearerToken = context.Request.Query.Get("token");
if (bearerToken != null)
{
string[] authorization = new string[] { "bearer " + bearerToken };
context.Request.Headers.Add("Authorization", authorization);
}
}
return null;
}
}
});
}
您在集线器上使用授权属性
[Authorize]
public class MyHub:Hub