SignalR 2.0中的IAuthenticationFilter
问题描述:
在我的Web API 2项目中,我有基于JWT的身份验证。配置是SignalR 2.0中的IAuthenticationFilter
var config = new HttpConfiguration();
app.UseJwtBearerAuthentication(new JwtBearerAuthenticationOptions {/**/});
config.Filters.Add(new MyAuthenticationFilter());
app.UseWebApi(config);
app.UseCors(CorsOptions.AllowAll);
app.MapSignalR();
MyAuthenticationFilter建立了基于传入智威汤逊自定义主要并将其附加到一个请求,以致在我的控制器动作,我可以访问它this.User。一切工作正常,除了过滤器的SignalR请求忽略:
public class MyHub : Hub {
public override Task OnConnected() {
// here Context.User is ClaimsPrincipal which contain a JWT from Authorization header
// I expect it to be MyCustomPrincipal
return base.OnConnected();
}
}
为什么IAuthenticationFiltter被忽略?我如何解决这个问题?
答
你不能在signalR头上使用jwt。用qs发送jwt(查询字符串)并在下面编码的api上添加一些定制。
App_Start/Startup.Auth.cs
public void ConfigureAuth(IAppBuilder app)
{
// SignalR Auth0 custom configuration.
app.UseOAuthBearerAuthentication(new OAuthBearerAuthenticationOptions()
{
Provider = new OAuthBearerAuthenticationProvider()
{
OnRequestToken = context =>
{
if (context.Request.Path.Value.StartsWith("/signalr"))
{
string bearerToken = context.Request.Query.Get("token");
if (bearerToken != null)
{
string[] authorization = new string[] { "bearer " + bearerToken };
context.Request.Headers.Add("Authorization", authorization);
}
}
return null;
}
}
});
}
和您使用集线器授权属性
[Authorize]
public class MyHub:Hub