验证SignalR中的OAuth/AAD令牌
本文关键字:AAD 令牌 OAuth SignalR 中的 验证 | 更新日期: 2023-09-27 18:03:24
我有一个信号服务器,我需要验证客户端将从Azure AD获得的OAuth令牌。我想在AuthorizeHubConnection方法中做。我尝试了这个http://geekswithblogs.net/shaunxu/archive/2014/05/27.aspx,它基本上是这样做的:var d
dataProtectionProvider = new DpapiDataProtectionProvider();
var secureDataFormat = new TicketDataFormat(dataProtectionProvider.Create());
// authenticate by using bearer token in query string
var token = request.QueryString.Get(WebApiConfig.AuthenticationType);
var ticket = secureDataFormat.Unprotect(token);
这将在票证中始终返回null。
经过一番搜索,我发现了这篇文章:http://ronaldwildenberg.com/signalr-hub-authentication-with-adal-js-part-2/
它的作用如下:
public class JwtTokenAuthorizeAttribute : AuthorizeAttribute
{
// Location of the federation metadata document for our tenant.
private const string SecurityTokenServiceAddressFormat =
"https://login.windows.net/{0}/federationmetadata/2007-06/federationmetadata.xml";
private static readonly string Tenant = "yourtenant.onmicrosoft.com";
private static readonly string ClientId = "12345678-ABCD-EFAB-1234-ABCDEF123456";
private static readonly string MetadataEndpoint = string.Format(
CultureInfo.InvariantCulture, SecurityTokenServiceAddressFormat, Tenant);
private static readonly IIssuerSecurityTokenProvider CachingSecurityTokenProvider =
new WsFedCachingSecurityTokenProvider(
metadataEndpoint: MetadataEndpoint,
backchannelCertificateValidator: null,
backchannelTimeout: TimeSpan.FromMinutes(1),
backchannelHttpHandler: null);
public override bool AuthorizeHubConnection(
HubDescriptor hubDescriptor, IRequest request)
{
// Extract JWT token from query string (which we already did).
...
// Validate JWT token.
var tokenValidationParameters =
new TokenValidationParameters { ValidAudience = ClientId };
var jwtFormat =
new JwtFormat(tokenValidationParameters, CachingSecurityTokenProvider);
var authenticationTicket = jwtFormat.Unprotect(userJwtToken);
...
问题是,它建议从Katana项目复制类:https://katanaproject.codeplex.com/SourceControl/latest#src/Microsoft.Owin.Security.ActiveDirectory/WsFedCachingSecurityTokenProvider.cs。这看起来超级丑。另一个问题是,我不知道租户id,我找不到token。因此,即使这工作,我将是一步之遥。
总结一下:我想找到一种方法来验证AzureAD令牌与SignalR。一开始看起来很简单。有什么简单的方法吗?
很简单:
JwtSecurityTokenHandler tokenHandler = new JwtSecurityTokenHandler();
tokenHandler.ValidateToken(token, authTokenValidationParameters, out validatedToken);