我正在使用AspNetCore和cookie中间件进行身份验证,我这样设置…
app.UseCookieAuthentication(new CookieAuthenticationOptions
{
AuthenticationScheme = Constants.AuthenticationScheme,
AutomaticAuthenticate = true,
AutomaticChallenge = true,
LoginPath = new PathString("/")
});
我使用登录表单成功进行身份验证,然后重定向到标有[Authorize]属性的控制器.
然后控制器加载一个页面,该页面具有连接到集线器的javascript signalR客户端.
但是当我添加signalR [Authorize]属性时.我从服务器获得401 Unauthorized.
如何让signalR识别身份验证cookie?我可以看到它已经在Context.RequestCookies中传递了cookie.
如果没有,我怎么能手动解密cookie并自己设置用户?
最佳答案 我设法通过自己解密cookie来解决这个问题,但是我会对更好的方式感兴趣.
我在这个Question的帮助下创建了一个帮助类来生成身份验证票据格式
public static class SecurityHelper
{
/// <summary>
/// Gets the format for the security cookie used to encrypt and decrpyt cookie
/// </summary>
/// <param name="services">The app service provider</param>
/// <returns>The authentication ticket format</returns>
public static ISecureDataFormat<AuthenticationTicket> GetTicketFormat(IServiceProvider services)
{
var authenticationType = "Cookies";
var protectionProvider = services.GetRequiredService<IDataProtectionProvider>();
var dataProtector = protectionProvider.CreateProtector("Microsoft.AspNetCore.Authentication.Cookies.CookieAuthenticationMiddleware", authenticationType, "v2");
return new TicketDataFormat(dataProtector);
}
}
并告诉cookie中间件在我的startup.cs类中使用这种票据格式…
app.UseCookieAuthentication(new CookieAuthenticationOptions
{
AuthenticationScheme = "Cookies",
AutomaticAuthenticate = true,
AutomaticChallenge = true,
LoginPath = new PathString("/"),
TicketDataFormat = SecurityHelper.GetTicketFormat(app.ApplicationServices)
});
然后在this文章的帮助下创建了我自己的signalr身份验证属性来解密cookie并设置用户主体.
/// <summary>
/// Attribute to have signalr hubs authenticate
/// </summary>
[AttributeUsage(AttributeTargets.Class, Inherited = false, AllowMultiple = false)]
public class AuthorizeHubUsersAttribute : AuthorizeAttribute
{
/// <summary>
/// Decrpyt the authentication cookie and set the user principal
/// </summary>
/// <param name="hubDescriptor">The hub descriptor</param>
/// <param name="request">The request object</param>
/// <returns>If the user is aythenticated</returns>
public override bool AuthorizeHubConnection(HubDescriptor hubDescriptor, HttpRequest request)
{
var cookie = request.Cookies[".AspNetCore.Cookies"];
var ticketFormat = SecurityHelper.GetTicketFormat(request.HttpContext.RequestServices);
var authenticationTicket = ticketFormat.Unprotect(cookie);
request.HttpContext.User = authenticationTicket.Principal;
return base.AuthorizeHubConnection(hubDescriptor, request);
}
/// <summary>
/// Check the user is authenticated
/// </summary>
/// <param name="user">The user principal</param>
/// <returns>If the user is aythenticated</returns>
protected override bool UserAuthorized(IPrincipal user)
{
if (user?.Identity == null)
{
return false;
}
return user.Identity.IsAuthenticated;
}
}
然后,我所要做的就是用属性装饰我的hub类
[AuthorizeHubUsersAttribute()]
public class GameMessageHub : Hub<IGameMessageHub> {
....
}
我找不到将依赖项注入signalr属性的方法,但如果有人想出来我想知道.