问题
I am attempting to authorize SignalR requests exactly using the sample project here AngularJS Authentication based on this project AngularJS Authentication using web tokens. The problem I am having is, to use SignalR authorization, I had to override the SignalR AuthorizeAttribute class as below:
public class QueryStringBearerAuthorizeAttribute : AuthorizeAttribute
{
public override bool AuthorizeHubConnection(HubDescriptor hubDescriptor, IRequest request)
{
var token = request.QueryString.Get("Bearer");
var authenticationTicket = Startup.AuthServerOptions.AccessTokenFormat.Unprotect(token);
if (authenticationTicket == null || authenticationTicket.Identity == null || !authenticationTicket.Identity.IsAuthenticated)
{
return false;
}
request.Environment["server.User"] = new ClaimsPrincipal(authenticationTicket.Identity);
request.Environment["server.Username"] = authenticationTicket.Identity.Name;
request.GetHttpContext().User = new ClaimsPrincipal(authenticationTicket.Identity);
return true;
}
public override bool AuthorizeHubMethodInvocation(IHubIncomingInvokerContext hubIncomingInvokerContext, bool appliesToMethod)
{
var connectionId = hubIncomingInvokerContext.Hub.Context.ConnectionId;
var environment = hubIncomingInvokerContext.Hub.Context.Request.Environment;
var principal = environment["server.User"] as ClaimsPrincipal;
if (principal != null && principal.Identity != null && principal.Identity.IsAuthenticated)
{
hubIncomingInvokerContext.Hub.Context = new HubCallerContext(new ServerRequest(environment), connectionId);
return true;
}
return false;
}
}
Now my hub is as below:
[QueryStringBearerAuthorize]
[HubName("realtime")]
public class WislerAppHub : Hub
{
public string GetServerTime()
{
return DateTime.UtcNow.ToString();
}
}
The idea is, when a signalr connection request hits this class, the AuthorizeHubConnection should fire and authorize it. However this method is never called. The second method, AuthorizeHubMethodInvocationis called though.
What am I doing wrong? Why isn't this override working? BTW I tried inheriting thus: QueryStringBearerAuthorizeAttribute : Attribute, IAuthorizeHubConnection, IAuthorizeHubMethodInvocation with the same result.
Thank you.
回答1:
Okay I got it working. For those reaching here on similar issues, the code above works well there is no issue with it. Nothing needs to be added on the server side (ie to this code)
The problem was with the signalr initialization and call from the client side. Somehow I assumed there was no way signalr could hit the hub without hitting the attribute first. Obviously there is! I just changed my angularjs code and it works.
来源:https://stackoverflow.com/questions/28662899/signalr-authorization-using-web-api-token