带有OpenIDDICT用户主张的SignalR与React
我目前正在使用React客户端和ASP.NET服务器进行项目。 我正在尝试使用用户在API中使用的现有索赔中的SignalR请求添加授权,但我无法将其围绕它缠绕。 我设法从客户端接收访问令牌,但我不明白如何接收context.user.user.claims。
我正在添加client signalr连接和服务器的尝试:
客户端:
let newConnection = new HubConnectionBuilder()
.configureLogging(LogLevel.Debug)
.withUrl(`${URL}${HubUrl}?access_token=${'SampleAccessToken'}`, {
// a token factory for the server, not sure why we need it
// accessTokenFactory: () => 'SampleAccessToken',
skipNegotiation: true,
transport: HttpTransportType.WebSockets,
})
.build();
服务器:
public async Task JoinJobGroup()
{
var httpContext = Context.GetHttpContext();
var tmp = httpContext.Request.Query["access_token"];
// TODO: Receive the claims form tmp or other solution
// TODO: Check if claim is valid for operation
await _Context.Groups.AddToGroupAsync(Context.ConnectionId, "JOB_GROUP_NAME");
}
I'm currently working on a project with a react client and asp.net server.
I was tryin to add authorization to the signalR requests in the server using the existing claims that the user use in the api but I couldn't wrap my head around it.
I managed to receive the access token from the client but I don't understand how I can receive Context.User.Claims.
I'm adding the client signalR connection and a try from the server:
client:
let newConnection = new HubConnectionBuilder()
.configureLogging(LogLevel.Debug)
.withUrl(`${URL}${HubUrl}?access_token=${'SampleAccessToken'}`, {
// a token factory for the server, not sure why we need it
// accessTokenFactory: () => 'SampleAccessToken',
skipNegotiation: true,
transport: HttpTransportType.WebSockets,
})
.build();
Server:
public async Task JoinJobGroup()
{
var httpContext = Context.GetHttpContext();
var tmp = httpContext.Request.Query["access_token"];
// TODO: Receive the claims form tmp or other solution
// TODO: Check if claim is valid for operation
await _Context.Groups.AddToGroupAsync(Context.ConnectionId, "JOB_GROUP_NAME");
}
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
首选使用令牌工厂,因为它发送了当前的令牌值。如果令牌更改(例如,您支持刷新令牌),您的代码将无法正常工作。
如果您的身份验证正确配置,则应在用户原理中可用。确保已将授权属性添加到轮毂中。
您要查找的大多数信息都可以在此处获得
https://learn.microsoft.com/en-us/aspnet/core/signalr/authn-and-and-authz?view = ateaspnetcore-6.0
Using the token factory is preferred since it send the current token value. Your code won't work if the token change (Ex. you support refresh token).
The claims should be available in the User Principal if your authentication is correctly configured. Make sure you have added the Authorize attribute to your hub.
Most of the information you are looking for is available here
https://learn.microsoft.com/en-us/aspnet/core/signalr/authn-and-authz?view=aspnetcore-6.0