我正在使用SignalR将通知发送到angular。但我想使其针对特定用户。用户使用天蓝色广告登录。我在集线器上有一个[授权],但授权失败。但是在我的控制器中它可以正常工作。
到目前为止我尝试过的。我尝试了来自Microsoft网站的services.AddAuthentication。 https://docs.microsoft.com/en-us/aspnet/core/signalr/authn-and-authz?view=aspnetcore-2.2 但是然后我的控制器无法验证令牌,因为令牌不在URL中,而在标头中。
startup.cs:
public void ConfigureServices(IServiceCollection services)
{
services.AddOptions();
// Add custom configuration/resource files
services.ConfigureSettings(Configuration);
services.Configure<GzipCompressionProviderOptions>(options =>
options.Level = System.IO.Compression.CompressionLevel.Fastest
);
services.AddResponseCompression(options =>
{
options.EnableForHttps = true;
options.Providers.Add<GzipCompressionProvider>();
});
services.AddCors(options =>
{
options.AddPolicy("CorsPolicy",
builder => builder
.AllowAnyOrigin()
.AllowAnyMethod()
.AllowAnyHeader()
.AllowCredentials()
.WithOrigins("http://localhost:4200"));
});
services.AddAuthentication(AzureADDefaults.BearerAuthenticationScheme)
.AddAzureADBearer(options => Configuration.Bind("AzureAD", options));
services.AddSignalR();
// Add framework services.
services.AddMvc(options =>
{
options.Filters.Add(new ValidateModelStateFilter());
}).AddJsonOptions(options =>
{
options.SerializerSettings.NullValueHandling = NullValueHandling.Ignore;
options.SerializerSettings.ContractResolver =
new CamelCasePropertyNamesContractResolver();
});
我的中心:
[Authorize]
public class NotifyHub : Hub<ITypedHubClient>
{
public Task SendMessage(string user, string message)
{
return Clients.Client(Context.ConnectionId)
.BroadcastMessage("ReceiveMessage", user, message);
}
public Task Log(string email)
{
Debug.WriteLine(Context.ConnectionId);
return Clients.Caller.BroadcastMessage("succes", "string");
}
public override Task OnConnectedAsync()
{
return base.OnConnectedAsync();
}
}
Angular SignalR服务:
private createConnection() {
this._hubConnection = new HubConnectionBuilder()
.withUrl('https://localhost:44334/notify', { accessTokenFactory: () => {
return this.adalSvc.accessToken } })
.build();
}
我想让用户进入我的中心,以便可以将用户映射到连接ID。
答案 0 :(得分:0)
您没有显示using语句,但我也看到您也在使用MVC。也许您使用了错误的AuthorizeAttribute?
请确保您使用的是Microsoft.AspNet.SignalR.AuthorizeAttribute,而不是MVC。
答案 1 :(得分:0)
SignalR的问题在于它无法修改标头以发送令牌
services.AddAuthentication(AzureADDefaults.BearerAuthenticationScheme)
.AddAzureADBearer(options => Configuration.Bind("AzureAD", options));
不适用于SignalR,因为URL中应包含令牌。
以下内容可用于Authenticated API调用和Authenticated SignalR连接
services.AddAuthentication(options = >{
options.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
options.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
}).AddJwtBearer(options = >{
options.RequireHttpsMetadata = false;
options.SaveToken = true;
options.Authority = "https://login.microsoftonline.com/" + Configuration["AzureAd:TenantId"];
options.TokenValidationParameters = new TokenValidationParameters() {
// These need to be set correctly after checking that it works
ValidateAudience = false,
ValidateLifetime = false,
ValidateIssuer = false,
ValidateIssuerSigningKey = false,
ValidateActor = false
};
options.Events = new JwtBearerEvents {
OnMessageReceived = ctx = >{
if (ctx.Request.Query.ContainsKey("access_token"))
ctx.Token = ctx.Request.Query["access_token"];
return Task.CompletedTask;
}
};
});
您可以在集线器中对此进行测试
public override async Task OnConnectedAsync()
{
var Oid = (Context.User.FindFirst(c =>
c.Type == "http://schemas.microsoft.com/identity/claims/objectidentifier"))?.Value;
Debug.WriteLine(Oid);
}
API和SignalR的[Authorize]属性都来自
using Microsoft.AspNetCore.Authorization;