1. 技术文章
  2. SignalR hub Authorize attribute doesn't work

SignalR hub Authorize attribute doesn't work

守給你的承諾、 提交于 2021-01-29 07:25:53

问题


I'm using SignalR to send notification to angular. But i want to make it user specific. The user is logged in with azure ad. And i have a [Authorize] on the hub but the authorisation fails. But in my controller it works fine.

What i have tried so far. I tried this services.AddAuthentication from the microsoft site. https://docs.microsoft.com/en-us/aspnet/core/signalr/authn-and-authz?view=aspnetcore-2.2 But then my controller can't verify the token because the token isn't in the url but in the header.

startup.cs:

    public void ConfigureServices(IServiceCollection services)
    {
        services.AddOptions();

        // Add custom configuration/resource files
        services.ConfigureSettings(Configuration);
        services.Configure<GzipCompressionProviderOptions>(options =>
            options.Level = System.IO.Compression.CompressionLevel.Fastest
        );

        services.AddResponseCompression(options =>
        {
            options.EnableForHttps = true;
            options.Providers.Add<GzipCompressionProvider>();
        });

        services.AddCors(options =>
        {
            options.AddPolicy("CorsPolicy",
                builder => builder
                    .AllowAnyOrigin()
                    .AllowAnyMethod()
                    .AllowAnyHeader()
                    .AllowCredentials()
                    .WithOrigins("http://localhost:4200"));
        });

        services.AddAuthentication(AzureADDefaults.BearerAuthenticationScheme)
            .AddAzureADBearer(options => Configuration.Bind("AzureAD", options));           

        services.AddSignalR();

        // Add framework services.
        services.AddMvc(options =>
        {        
            options.Filters.Add(new ValidateModelStateFilter());

        }).AddJsonOptions(options =>
        {
            options.SerializerSettings.NullValueHandling = NullValueHandling.Ignore;
            options.SerializerSettings.ContractResolver =
                new CamelCasePropertyNamesContractResolver();
        });

my hub:

 [Authorize]
 public class NotifyHub : Hub<ITypedHubClient>
   {
    public Task SendMessage(string user, string message)
    {

        return Clients.Client(Context.ConnectionId)
               .BroadcastMessage("ReceiveMessage", user, message);
    }

    public Task Log(string email)
    {
        Debug.WriteLine(Context.ConnectionId);

        return Clients.Caller.BroadcastMessage("succes", "string");
    }

    public override Task OnConnectedAsync()
    {

        return base.OnConnectedAsync();
    }
}

angular SignalR service:

private createConnection() {     
   this._hubConnection = new HubConnectionBuilder()  
  .withUrl('https://localhost:44334/notify', { accessTokenFactory: () => { 
   return this.adalSvc.accessToken }  })      
  .build(); 
}

I want to get the user in my hub so i can map the users to the connection id's.


回答1:


You're not showing your using statements and I see you are also using MVC. Maybe you're using the wrong AuthorizeAttribute?

Make sure you are using Microsoft.AspNet.SignalR.AuthorizeAttribute and not the MVC one.




回答2:


The problem with SignalR is that it cannot modify the header to send the token so

       services.AddAuthentication(AzureADDefaults.BearerAuthenticationScheme)
       .AddAzureADBearer(options => Configuration.Bind("AzureAD", options));

does not work with SignalR as the token is expected in the URL.

The following however works with both Authenticated API calls and Authenticated SignalR connections

services.AddAuthentication(options = >{
    options.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
    options.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
}).AddJwtBearer(options = >{
   options.RequireHttpsMetadata = false;
   options.SaveToken = true;
   options.Authority = "https://login.microsoftonline.com/" + Configuration["AzureAd:TenantId"];
options.TokenValidationParameters = new TokenValidationParameters() {
    // These need to be set correctly after checking that it works
    ValidateAudience = false,
    ValidateLifetime = false,
    ValidateIssuer = false,
    ValidateIssuerSigningKey = false,
    ValidateActor = false
};
options.Events = new JwtBearerEvents {
    OnMessageReceived = ctx = >{
        if (ctx.Request.Query.ContainsKey("access_token")) 
             ctx.Token = ctx.Request.Query["access_token"];
        return Task.CompletedTask;
    }
};

});

You can test this in your hub

       public override async Task OnConnectedAsync()
       {
         var Oid = (Context.User.FindFirst(c => 
                   c.Type == "http://schemas.microsoft.com/identity/claims/objectidentifier"))?.Value;
         Debug.WriteLine(Oid);
       }

Both [Authorize] attributes for API and SignalR come from 

using Microsoft.AspNetCore.Authorization;


来源:https://stackoverflow.com/questions/54153876/signalr-hub-authorize-attribute-doesnt-work

标签
c#
authentication
signalr
azure-active-directory
signalr-hub
易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!