asp.net-core – SignalR Authorize属性不适用于cookie身份验证

发布时间：2020-12-16 09:43:29 所属栏目：asp.Net 来源：网络整理

导读：我正在使用AspNetCore和cookie中间件进行身份验证,我这样设置… app.UseCookieAuthentication(new CookieAuthenticationOptions{ AuthenticationScheme = Constants.AuthenticationScheme,AutomaticAuthenticate = true,AutomaticChallenge = true,LoginPath

我正在使用AspNetCore和cookie中间件进行身份验证,我这样设置…

app.UseCookieAuthentication(new CookieAuthenticationOptions
{
    AuthenticationScheme = Constants.AuthenticationScheme,AutomaticAuthenticate = true,AutomaticChallenge = true,LoginPath = new PathString("/")
});

我使用登录表单成功进行身份验证,然后重定向到标有[Authorize]属性的控制器.

然后控制器加载一个页面,该页面具有连接到集线器的javascript signalR客户端.

但是当我添加signalR [Authorize]属性时.我从服务器获得401 Unauthorized.

如何让signalR识别身份验证cookie？我可以看到它已经在Context.RequestCookies中传递了cookie.

如果没有,我怎么能手动解密cookie并自己设置用户？

解决方法

我设法通过自己解密cookie来解决这个问题,但是我会对更好的方式感兴趣.

我在这个Question的帮助下创建了一个帮助类来生成身份验证票据格式

public static class SecurityHelper
{
    /// <summary>
    /// Gets the format for the security cookie used to encrypt and decrpyt cookie
    /// </summary>
    /// <param name="services">The app service provider</param>
    /// <returns>The authentication ticket format</returns>
    public static ISecureDataFormat<AuthenticationTicket> GetTicketFormat(IServiceProvider services)
    {
        var authenticationType = "Cookies";
        var protectionProvider = services.GetRequiredService<IDataProtectionProvider>();
        var dataProtector = protectionProvider.CreateProtector("Microsoft.AspNetCore.Authentication.Cookies.CookieAuthenticationMiddleware",authenticationType,"v2");
        return new TicketDataFormat(dataProtector);
    }
}

并告诉cookie中间件在我的startup.cs类中使用这种票据格式…

app.UseCookieAuthentication(new CookieAuthenticationOptions
{
            AuthenticationScheme = "Cookies",LoginPath = new PathString("/"),TicketDataFormat = SecurityHelper.GetTicketFormat(app.ApplicationServices)
});

然后在this文章的帮助下创建了我自己的signalr身份验证属性来解密cookie并设置用户主体.

/// <summary>
/// Attribute to have signalr hubs authenticate
/// </summary>
[AttributeUsage(AttributeTargets.Class,Inherited = false,AllowMultiple = false)]
public class AuthorizeHubUsersAttribute :  AuthorizeAttribute
{
    /// <summary>
    /// Decrpyt the authentication cookie and set the user principal
    /// </summary>
    /// <param name="hubDescriptor">The hub descriptor</param>
    /// <param name="request">The request object</param>
    /// <returns>If the user is aythenticated</returns>
    public override bool AuthorizeHubConnection(HubDescriptor hubDescriptor,HttpRequest request)
    {
        var cookie = request.Cookies[".AspNetCore.Cookies"];
        var ticketFormat = SecurityHelper.GetTicketFormat(request.HttpContext.RequestServices);
        var authenticationTicket = ticketFormat.Unprotect(cookie);
        request.HttpContext.User = authenticationTicket.Principal; 

        return base.AuthorizeHubConnection(hubDescriptor,request);
    }

    /// <summary>
    /// Check the user is authenticated
    /// </summary>
    /// <param name="user">The user principal</param>
    /// <returns>If the user is aythenticated</returns>
    protected override bool UserAuthorized(IPrincipal user)
    {
        if (user?.Identity == null)
        {
            return false;
        }
        return user.Identity.IsAuthenticated;
    }
}

然后,我所要做的就是用属性装饰我的hub类

[AuthorizeHubUsersAttribute()]
public class GameMessageHub : Hub<IGameMessageHub> {
 ....
}

我找不到将依赖项注入signalr属性的方法,但如果有人想出来我想知道.

（编辑：李大同）

【声明】本站内容均来自网络，其相关言论仅代表作者个人观点，不代表本站立场。若无意侵犯到您的权利，请及时与联系站长删除相关内容!