即使使用[AllowAnonymous],ASP.NET核心上的Blazor WASM(带有Open Iddict gRPC)未经授权的请求也无法工作

f0brbegy  于 2022-12-01  发布在  .NET
关注(0)|答案(1)|浏览(187)

我有blazor wasm应用程序托管在asp net核心和连接grpc-web。它的工作与授权用户完美,但我不能使未经授权的grpc调用。我得到这在日志:

OpenIddict.Server.AspNetCore.OpenIddictServerAspNetCoreHandler: Information: AuthenticationScheme: OpenIddict.Server.AspNetCore was forbidden.

但对于授权用户,此请求可以正常工作。
我的startup.cs(尝试了每一个可能的顺序auth/grpc/route):

app.UseRouting();

app.UseCors(policy => policy
        .AllowAnyOrigin()
        .AllowAnyHeader()
        .AllowAnyMethod()
        .WithExposedHeaders("Grpc-Status", "Grpc-Message", "Grpc-Encoding", "Grpc-Accept-Encoding"));
            
app.UseGrpcWeb(new GrpcWebOptions { DefaultEnabled = true });

app.UseAuthentication();
app.UseAuthorization();

app.UseEndpoints(options =>
{
    //options.MapGrpcServices(); //Here grpc

    options.MapRazorPages();
    options.MapControllers();
    options.MapFallbackToFile("index.html");
});

大多数应用程序是根据官方示例配置的:https://github.com/openiddict/openiddict-samples/tree/dev/samples/Balosar
在grpc服务上添加[AllowAnonymous]没有帮助。我如何允许对一些grpc服务的未经授权的请求?

fjaof16o

fjaof16o1#

如果您从Identity Server 4迁移了gRPC解决方案,并且在Blazor.Client Program.cs中具有类似于以下内容的内容:

builder.Services.AddHttpClient("MyClientName", client => client.BaseAddress = new Uri(builder.HostEnvironment.BaseAddress))
   .ConfigurePrimaryHttpMessageHandler(() => new GrpcWebHandler(GrpcWebMode.GrpcWeb, new HttpClientHandler()))
   .AddHttpMessageHandler<BaseAddressAuthorizationMessageHandler>();

尝试删除.AddHttpMessageHandler<BaseAddressAuthorizationMessageHandler>(),但不要忘记测试您的应用程序的正确授权请求!
结果你会得到这样的东西:

builder.Services.AddHttpClient("MyClientName", client => client.BaseAddress = new Uri(builder.HostEnvironment.BaseAddress))
   .ConfigurePrimaryHttpMessageHandler(() => new GrpcWebHandler(GrpcWebMode.GrpcWeb, new HttpClientHandler()));

相关问题