The post is almost duplicate as this question, but I am using new SignalRCore (1.0.0 alpha2).
<PackageReference Include="Microsoft.AspNetCore.SignalR" Version="1.0.0-alpha2-final" />
In my .NET Core 2.0 I use OpenIddict to authenticate user on server. On client I use angular2-jwt.
Now I need to know how can I connect on server with Authorization header access_token? I would assume that I should use custom request header when trying to connect on server.
Can this be done with new SignalR Core? I found this thread which mention that websockets does not support custom headers but I wonder if SignalR Core team did some magic to support this scenario.
This is not possible when you are using JavaScript client because some underlying APIs (like webSocket) don't allow setting headers. This is why you need to use queryString. Also, this thread on github may be useful.
If you are using the C# client setting headers is not possible at the moment but this is just a limitation of the API and should be fixed in the future.
EDIT
SignalR now has API that allows to pass JWT token to both C# and JavaScript client. It is also now possible to set headers when using C# client.
Related
I am trying to figure out how to implement the client credential flow in .NET Framework 4.8 app. The identity server is externally managed so this app will be requesting a token and refresh it as needed. Later when it needs to access the external API, it will set the token as bearer and send the request.
I will be using OWIN (Katana) to do all this. In my research, most examples I came across show how to manually implement the workflow. In .NET Core and above, the framework itself handles everything. You just have to configure the options and have the DI and middleware take care of the rest.
This doesn't seem to be the case in .NET framework 4.x apps. So I would really appreciate it if someone can point me in the right direction.
Thanks
I've really enjoyed using Flurl the last year but have encountered a problem that Im hoping I can solve using Flurl if possible and not resort ripping it out and using IHttpClientFactory and HttpClient from System.Net.Http
I've got a DotNetCore 3.1 API and our client is calling these APIs with custom headers. "x-activityid" as an example. My API calls out to an external API and so I've created a separate Client class where im calling the endpoints on the external API using Flurl.
I need to propagate some of the headers from the requests incomming to my API to the requests I make to the external API that Im calling using Flurl.
Some related links:
Header propagation using ASP.NET Core
Make HTTP requests using IHttpClientFactory in ASP.NET Core
The whole idea of header propagation depends on awareness of some HTTP server context from which to grab the incoming headers, which is why ASP.NET Core can support such a feature directly while Flurl, a stand-alone library that often gets embedded in things like Xamarin apps, cannot.
But all is not lost, because Flurl is really just a wrapper around HttpClient. To get this feature to work without giving up Flurl, just wire up header propagation in ASP.NET Core exactly as prescribed, allow it to inject HttpClient instances into your service classes, then wrap those instances with Flurl inside those classes. Note that you'll need to adapt the pattern of using FlurlClient directly, as opposed to building calls off URL strings, if you're not doing that already.
I am new to Identity server and wants to secure my two apps (MVC, Webapi) using it.
I have seen the example where we can invoke the webapi from MVC action method and SetBearerToken that was issued to the the MVC application. I am referring the below sample:
https://identityserver.github.io/Documentation/docsv2/overview/mvcGettingStarted.html
This is typical example of server to server communication where we are using access token issued to the MVC app for Web api.
In the same scenario, I want to call webapi from Javascript client(fro ex Angular or any one) using same access token.
"I want to pass the the access token issued to the MVC application to call WebAPI from JavaScript"
How can I utilize the token that was issued to my MVC application from the JavaScript client?
Thanks
They should be treated as different client in my opinion, I guess they are different site? For your Javascript client you should be able to find example here , you can use the javascript lib that provided in the example or write one yourself
Once you get the token, then you can call your API using AJAX, where you might face CORS problem if your webapi is on a different domain, well...that is different topic.
Hope that helps
I'm trying to do some integration testing on an ASP.Net Core app with Windows Authentication enabled. For controller methods with the [Authorize] attribute I need to send through the current windows identity in the request.
There is lots of information on how to do this using the old HttpWebRequest method, but I can find no information on doing this through HttpRequestMessage. Presumably I have to encode and send through the current user in the authentication header? Can anyone help?
Asp.Net Core does not do impersonation for you. You need to call WindowsIdentity.Impersonate (https://msdn.microsoft.com/en-us/library/w070t6ka(v=vs.110).aspx) to apply the given identity to the current thread. Then you set up HttpClient with UseDefaultCredentials: How to get HttpClient to pass credentials along with the request?
I need to secure a WCF Service that uses webHttpBinding with tokens, but having a hard time figuring out how to do so. It is my understanding that the recommend way of doing this is by using JWT Tokens?
I have an STS (IdentityServer) that issues JWT tokens to my Mobile Client (Sencha Touch Application) through OAuth 2.0, and this application needs to call a webHttpBinding based WCF Service.
Now I want to secure this using tokens, and I know Microsoft has released a JWT Security Token Handler NuGet package.
I have added this security token handler in the "securityTokenHandlers" tag under my "identityConfiguration" tag in the web.config, but I feel a bit lost on how to actually use the token handler to validate the token, extracting the claims and setting the IClaimsPrinicipal object.
Most examples I have been able to find use WebAPI and are for ASP.NET applications, but in my case I need to just secure an "ordinary" WCF Service using a webHttpBinding.
Any help on how to accomplish this, would be greatly appreciated.
You won't find many samples with OAuth implementation over SOAP services. OAuth was created primarily for clients that could not handle SOAP and its associated WS-Security complexity.
Although not common, it is still possible, you just need to implement your own WCF pipeline hook (IDispatchMessageInspector) to get the token from HTTP header and then use the JWT classes to set your claims.
I have not used this code sample, but it looks like it will do what you want.
http://blogs.msdn.com/b/pavelkhodak/archive/2013/07/26/enable-http-bearer-jwt-token-authentication-for-rest-service-using-webhttpbinding-in-wcf.aspx