使用 JavaScript 客户端进行 SignalR 身份验证
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/21196266/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
SignalR authentication with javascript client
提问by AD.Net
I was playing with the open authenticationin MVC5and SignalR. I use a javascript client to call a simple server method on SignalRand receive a reply from Server. It works well, but if I add the [Authorize]tag, it does not even call the server method (did not get any response while debugging).
我在玩open authenticationinMVC5和SignalR。我使用 javascript 客户端调用一个简单的服务器方法SignalR并接收来自服务器的回复。它运行良好,但如果我添加[Authorize]标签,它甚至不会调用服务器方法(调试时没有得到任何响应)。
My assumption was the server will use the Authentication mechanism to challenge the client. Am I missing anything? Do I have to manually authenticate the user from the client side and if so how do I pass the authentication token?
我的假设是服务器将使用身份验证机制来挑战客户端。我错过了什么吗?我是否必须从客户端手动对用户进行身份验证,如果是这样,我该如何传递身份验证令牌?
Here's my hub:
这是我的hub:
[HubName("authChatHub")]
public class AuthChatHub : Hub
{
[Authorize]
public void Ping()
{
Clients.Caller.Pong("Connection is FINE!!");
Clients.Caller.Pong(Context.User == null
? "Null user"
: Context.User.Identity.IsAuthenticated.ToString());
}
}
Here's my Startup.Auth.cs
这是我的 Startup.Auth.cs
public void ConfigureAuth(IAppBuilder app)
{
app.UseGoogleAuthentication();
}
Here's the Startup.cs, using the code to enable CORS.
这是Startup.cs, 使用代码启用 CORS。
public partial class Startup
{
public void Configuration(IAppBuilder app)
{
ConfigureAuth(app); //added this after a suggestion here, not sure if this is the right place.
app.Map("/signalr", map =>
{
map.UseCors(CorsOptions.AllowAll);
var hubConfiguration = new HubConfiguration
{
// EnableJSONP = true //empty for now
};
map.RunSignalR(hubConfiguration);
});
}
}
And finally this clientside code calls the hubmethod and listens to the server RPC.
最后这个client端代码调用hub方法并监听服务器 RPC。
this.sendMessage = () => {
this.authChat.server.ping();
};
this.authChat.client.pong = (message) => { console.log(message); };
回答by Shashank Chaturvedi
You have to use Forms or windows authentication as you would use is any other asp.net application. Once you are authenticated your calls would work in the same way as they did before you putting [Authorize]attribute on the hub.
您必须像使用任何其他 asp.net 应用程序一样使用 Forms 或 windows 身份验证。一旦您通过身份验证,您的呼叫将以与[Authorize]在集线器上放置属性之前相同的方式工作。
SignalR does not itself deal with authentication.
SignalR 本身不处理身份验证。
You will have to authenticate first then send the token to server, I think this linkcan help you achieve what you want to do.
您必须先进行身份验证,然后将令牌发送到服务器,我认为此链接可以帮助您实现您想要做的事情。
回答by CodeMonkey
you can add your authentication token into the querystring which will be passed into server when java script client initial the connection to signalr server.
您可以将您的身份验证令牌添加到查询字符串中,该字符串将在 java 脚本客户端初始化与信号服务器的连接时传递到服务器。
client side: connection.qs = { 'Token' : 'your token string'};
客户端: connection.qs = { 'Token' : 'your token string'};
server side: var Token = IRequest.QueryString["Token"];
服务器端: var Token = IRequest.QueryString["Token"];
回答by Gustavo Armenta
You can use Bearer Token to authenticate and then track the authenticated user using a Cookie. Then, your SignalR requests will contain the cookie and SignalR stack will recognize the user and handle all your [Authorize] configurations
您可以使用 Bearer Token 进行身份验证,然后使用 Cookie 跟踪经过身份验证的用户。然后,您的 SignalR 请求将包含 cookie,并且 SignalR 堆栈将识别用户并处理您的所有 [授权] 配置
There is a sample here
有一个样品在这里
回答by thepirat000
The Authorize attribute specified in the hub method will make it available only to authenticated users.
在 hub 方法中指定的 Authorize 属性将使其仅对经过身份验证的用户可用。
When you apply the Authorize attribute to a hub class, the specified authorization requirement is applied to all of the methods in the hub
当您将 Authorize 属性应用到集线器类时,指定的授权要求将应用于集线器中的所有方法
http://www.asp.net/signalr/overview/signalr-20/security/hub-authorization
http://www.asp.net/signalr/overview/signalr-20/security/hub-authorization
