Authentication 使用Identity Server 4的信号器重读失败
我有一套Identity Server 4、Asp.Net核心信号器中心和JavaScript客户端。 当我尝试连接到信号集线器时,“negotiateVersion:1”正确通过,但对集线器的请求根本没有通过。Chrome中的错误是“HTTP身份验证失败;没有可用的有效凭据”和FireFox中的401状态代码。查询中存在id和访问令牌。我尝试了不同的例子,但没有预期的结果 版本: Identity Server 4-.Net Core 2.1Authentication 使用Identity Server 4的信号器重读失败,authentication,identityserver4,jwt-auth,asp.net-core-signalr,Authentication,Identityserver4,Jwt Auth,Asp.net Core Signalr,我有一套Identity Server 4、Asp.Net核心信号器中心和JavaScript客户端。 当我尝试连接到信号集线器时,“negotiateVersion:1”正确通过,但对集线器的请求根本没有通过。Chrome中的错误是“HTTP身份验证失败;没有可用的有效凭据”和FireFox中的401状态代码。查询中存在id和访问令牌。我尝试了不同的例子,但没有预期的结果 版本: Identity Server 4-.Net Core 2.1 IdentityServer4.AsNetIde
- IdentityServer4.AsNetIdentity(2.5.0)
- IdentityServer4.AccessTokenValidation(3.0.1)
- Microsoft.AspNetCore.Authentication.JwtBearer(3.1.7)
- signalr.min.js v4.2.2+97478eb6
ClientId = "my.client",
AllowedGrantTypes = GrantTypes.Implicit,
AllowedScopes =
{
IdentityServerConstants.StandardScopes.OpenId,
IdentityServerConstants.StandardScopes.Profile,
"api1"
},
Claims = { },
RedirectUris = {
"https://mySite/popupFrame.html",
"https://mySite/silentFrame.html",
},
PostLogoutRedirectUris = {"https://mySite/logoutFrame.html" },
RequireConsent = false,
AllowAccessTokensViaBrowser = true,
AccessTokenLifetime = (int)TimeSpan.FromMinutes(10).TotalSeconds,
ConfigureServices方法中的Startup.cs
services.AddIdentityServer()
.AddDeveloperSigningCredential()
.AddInMemoryPersistedGrants()
.AddInMemoryIdentityResources(Config.GetIdentityResources())
.AddInMemoryApiResources(Config.GetApiResources())
.AddInMemoryClients(Config.GetClients())
.AddAspNetIdentity<ApplicationUser>()
.AddResourceOwnerValidator<ResourceOwnerValidator>()
.AddProfileService<ProfileService>();
services.AddScoped<IUserClaimsPrincipalFactory<ApplicationUser>, AppClaimsPrincipalFactory>();
services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
.AddIdentityServerAuthentication(options =>
{
options.Authority = "https://localhost:44341";
options.RequireHttpsMetadata = false;
options.ApiName = "api1";
options.JwtBearerEvents = new JwtBearerEvents
{
OnMessageReceived = context =>
{
StringValues queryAccessToken = context.Request.Query["access_token"];
PathString path = context.HttpContext.Request.Path;
if (path.StartsWithSegments("/brokerhub") && !string.IsNullOrEmpty(queryAccessToken))
{
context.Token = queryAccessToken;
}
return Task.CompletedTask;
},
};
});
services.AddCors();
services.AddSignalR();
services.AddControllers();
Configure方法中的Startup.cs
app.UseRouting();
app.UseCors(builder =>
{
builder.WithOrigins("https://mySite", "http://localhost")
.AllowAnyHeader()
.WithMethods("GET", "POST")
.AllowCredentials();
});
app.UseAuthentication();
app.UseAuthorization();
app.UseEndpoints(endpoints =>
{
endpoints.MapControllers();
endpoints.MapHub<BrokerHub>("/brokerhub", options =>
{
options.Transports = HttpTransportType.WebSockets;
});
});
最后是JS客户端
client = new signalR.HubConnectionBuilder()
.withUrl('https://hub.com/brokerhub/', {
accessTokenFactory: () => {
return user.access_token;
}
})
.build();
有人能告诉我配置中缺少什么吗?也许这个问题与-
请尝试使用options.TokenRetriever而不是上面链接中显示的OnMessageReceived,并介绍CustomTokenRetriever好吗?您好,@Antonio Iliev,它在Edge还是IE上工作?请尝试
AllowedGrantTypes=GrantTypes.HybridAndClientCredentials
。你可以查一下Hi@MichaelWang。谢谢你的快速回复。我在Edge中有相同的错误消息,IE完全不工作:)。我尝试使用混合授权类型,但不幸的是,Identity Server抛出了“客户端无效授权类型:隐式”并拒绝对用户进行身份验证。感谢您的链接,但是ASP.NETCore3.1更改了服务的API,不再包含AddOpenIdConnect方法。
client = new signalR.HubConnectionBuilder()
.withUrl('https://hub.com/brokerhub/', {
accessTokenFactory: () => {
return user.access_token;
}
})
.build();