信号器用户从未显示经过身份验证
将最新的 SignalR (6.0.3) 添加到我的 .net 6 API 中。一切正常,直到我尝试获取用户身份 - 它总是未经授权。我真的只是想从令牌中获取索赔,所以也许我找错了地方。
- 整个设置是提供 localhost Vue3 SPA 的 localhost API。
- 授权按预期适用于所有 API 控制器操作,按照本教程进行操作。
- SignalR Hub 按预期与前端进行通信(接收和发送)。
- SignalR 中心
app.MapHub是 Program.cs 中("/chat"); app.Run();之前的最后一行 - 我尝试从前端更新连接以包含
accessTokenFactory函数,我可以确认此处正确提供了令牌。但是,这对于 cookie 身份验证来说不是必需的。
在我的 SignalR hub 类中,有一个获取特定声明的简单方法:(代码很粗糙,只是试图让它工作)
public int GetPlayerId()
{
int id = 0;
try
{
var identity = (ClaimsIdentity)Context.User.Identity;
id = Int32.Parse(identity.FindFirst("playerId").ToString());
} catch (Exception ex)
{
return 0;
}
return id;
}
无论我做什么,Context.User 看起来都是这样的:
我甚至不知道该去哪里开始调试,因为授权在整个应用程序中按预期工作。这似乎指向 SignalR 问题,但我能找到的关于此问题的少数帖子大多严重过时,并且没有产生明显的影响。 根据文档,这应该“仅适用于”应用程序的现有授权。
非常感谢您对检查内容或提供其他详细信息的任何见解。
编辑:附加信息
将[Authorize]装饰器添加到我的集线器类本身似乎不起作用。无论如何,我都可以发送和接收。授权继续按其他地方的预期工作。
Added the latest SignalR (6.0.3) to my .net 6 API. Everything works there until I try to grab the user identity - it is always unauthorized. I'm really just trying to get a claim from the token, so maybe I'm looking in the wrong place.
- The entire setup is localhost API supplying localhost Vue3 SPA.
- Authorization works as intended for all API controller actions, following this tutorial.
- SignalR Hub communicates as intended with front-end otherwise - receiving and sending.
- The SignalR Hub
app.MapHub<ChatHub>("/chat");is the last line in Program.cs beforeapp.Run(); - I tried updating the connection from front-end to include
accessTokenFactoryfunction, and I can confirm token is correctly supplied here. However, this should not be necessary with cookie authentication.
In my SignalR hub class is a simple method for getting a particular claim: (the code is rough, just trying to get it to work)
public int GetPlayerId()
{
int id = 0;
try
{
var identity = (ClaimsIdentity)Context.User.Identity;
id = Int32.Parse(identity.FindFirst("playerId").ToString());
} catch (Exception ex)
{
return 0;
}
return id;
}
Context.User looks like this regardless of what I do:
I'm not sure where to even begin to debug, as authorization is working as intended across the entirety of the application otherwise. That would seem to point to a SignalR issue, but the few posts I could find about this were mostly severely outdated and made no discernable impact. According to the documentation, this should "just work" with the application's existing authorization.
Any insight on what to check into or additional details to provide is deeply appreciated.
Edit: Additional information
Adding the [Authorize] decorator to my hub class itself does not appear to work. I am able to send and receive regardless. Authorization continues to work as intended elsewhere.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
affore-linked 身份验证方案中的 JwtMiddleware 不会影响 SignalR 集线器的 Context 对象。
我不只是使用 accountId,而是使用经过验证的 JWT 令牌并向 HttpContext User 添加身份。这可能并不完美,但我希望它对将来的人有所帮助:
The JwtMiddleware from the affore-linked authentication scheme did not affect the Context object of the SignalR hub.
Instead of just the accountId, I took the validated JWT token and added an identity to the HttpContext User. This is probably not perfect but I hope it help someone in the future: