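I have an IIS-hosted MVC 5 application that uses ASP.NET Identity and OWIN to authenticate via the .AspNet.ApplicationCookie. From one of its views, I call long-running methods on a self-hosted SignalR hub (running on the same server) through the SignalR JS client. These calls all work as expected. Now I would like to decorate the hub with [Authorize(Roles = "Administrator")]. This is proving to be problematic. Setting a breakpoint in the hub method shows that Context.User is null, even though the .AspNet.ApplicationCookie is clearly present in Context.RequestCookies.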

Here is the bootstrap code for the hub (self-hosted in a Windows service):

    app.Map("/signalr", map =>
    {
        map.UseCors(CorsOptions.AllowAll);
        map.UseCookieAuthentication(new CookieAuthenticationOptions
        {
            AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie
        });
        var hubConfiguration = new HubConfiguration();
        map.RunSignalR(hubConfiguration);
    });

Here is the authentication configuration of the web application (hosted in IIS):

    // Configure the db context, user manager and signin manager to use a single instance per request
    app.CreatePerOwinContext(UserAccountContext.Create);
    app.CreatePerOwinContext<ApplicationUserManager>(ApplicationUserManager.Create);
    app.CreatePerOwinContext<ApplicationSignInManager>(ApplicationSignInManager.Create);
    // Enable the application to use a cookie to store information for the signed in user
    // and to use a cookie to temporarily store information about a user logging in with a third party login provider
    // Configure the sign in cookie
    app.UseCookieAuthentication(new CookieAuthenticationOptions
    {
        AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
        LoginPath = new PathString("/Account/Login"),
        Provider = new CookieAuthenticationProvider
        {
            // Enables the application to validate the security stamp when the user logs in.
            // This is a security feature which is used when you change a password or add an external login to your account.
            OnValidateIdentity = SecurityStampValidator.OnValidateIdentity<ApplicationUserManager, ApplicationUser>(
                validateInterval: TimeSpan.FromMinutes(30),
                regenerateIdentity: (manager, user) => user.GenerateUserIdentityAsync(manager))
        }
    });
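
Question 1: Is it possible to use [Authorize] in the scenario above? If so, how?

Question 2: Would it be better to merge the self-hosted hub into the IIS-hosted application? If so, are there any problems with long-running hub methods under IIS?

Update 1: I tried adding TicketDataFormat = new TicketDataFormat(new MachineKeyDataProtector("ASP.NET Identity")) to the CookieAuthenticationOptions in the hub configuration, but that didn't help. Surely this should be easier than it is.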
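
In the end, I moved the self-hosted hub into the ASP.NET application, and it works fine. This seems easier and more maintainable than implementing the workaround in this SO question (OWIN self-host cookie authentication and legacy .NET 4.0 application / FormsAuthenticationTicket).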
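
The layout the answer describes, with the hub hosted in the same OWIN pipeline as the cookie middleware, might look like the following. This is an added example, not code from the original post; the `WebApp` namespace, the `AdminHub` class, the `RunLongJob` method and the `progress` client callback are hypothetical names.

```csharp
using System;
using System.Threading.Tasks;
using Microsoft.AspNet.Identity;
using Microsoft.AspNet.SignalR;
using Microsoft.Owin;
using Microsoft.Owin.Security.Cookies;
using Owin;

[assembly: OwinStartup(typeof(WebApp.Startup))]

namespace WebApp // hypothetical namespace
{
    public class Startup
    {
        public void Configuration(IAppBuilder app)
        {
            // Same authentication type as the web application's cookie configuration;
            // LoginPath and the security stamp validator stay as in the question.
            app.UseCookieAuthentication(new CookieAuthenticationOptions
            {
                AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie
            });

            // Registered after the cookie middleware: OWIN middleware runs in
            // registration order, so the ticket is validated before SignalR sees
            // the request and Context.User is populated in hub methods.
            app.MapSignalR();
        }
    }

    // SignalR's own AuthorizeAttribute (Microsoft.AspNet.SignalR), not the MVC one.
    [Authorize(Roles = "Administrator")]
    public class AdminHub : Hub // hypothetical hub name
    {
        // Hypothetical long-running method that reports progress to the caller.
        public async Task RunLongJob()
        {
            string caller = Context.User.Identity.Name;
            for (int percent = 0; percent <= 100; percent += 25)
            {
                await Task.Delay(TimeSpan.FromSeconds(1)); // stand-in for real work
                Clients.Caller.progress(caller, percent);
            }
        }
    }
}
```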