两个 blazor 服务器应用程序共享相同的身份验证库项目和用于 SignalR 通信的相同库项目

  1. 项目A(身份验证库项目)
  2. 项目 B(库项目包含 SignalR hub 实现)
  3. 项目 C(Blazor 服务器项目)
  4. 项目 D(Blazor 服务器项目)

在项目 A 中,我有以下登录实现:

public async Task LoginUser()
    if (Input.Username == "" && Input.Email == "")
        errorMessage = "Username or Email is required for sign in";

    if (Input.Password == "")
        errorMessage = "Password is required for sign in";

        // This doesn't count login failures towards account lockout
        // To enable password failures to trigger account lockout, set lockoutOnFailure: true
        ApplicationUser? userObj;

        if (emailUsername_Switch)
            userObj = await UserManager.FindByEmailAsync(Input.Email);
            userObj = await UserManager.FindByNameAsync(Input.Username);

        if (userObj == null)
            errorMessage = "Unable to find user in the system. Please Register or check username/email.";

        Guid userId = new Guid();
        if (userObj != null)
            userId = userObj.Id;

        isLoading = true;

        if (await SignInManager.CanSignInAsync(userObj))
            var result = await SignInManager.CheckPasswordSignInAsync(userObj, Input.Password, true);
            if (result == Microsoft.AspNetCore.Identity.SignInResult.Success)
                Guid key = Guid.NewGuid();
                BlazorCookieLoginMiddleware.Logins[key] = new LoginInfo { Email = userObj.Email, UserName = userObj.UserName, Password = Input.Password };

                // Generate JWT Token
                var token = TokenService.GenerateToken(Input.Username);
                // Store token in localStorage (or use other storage methods as required)
                // Save the token to localStorage
                await LocalStorageService.SetItemAsync("jwt_token", token);

                NavigationManager.NavigateTo($"/login?key={key}", true);
            else if (result == Microsoft.AspNetCore.Identity.SignInResult.LockedOut)
                errorMessage = "User account locked please contact administrator";
            else if (result == Microsoft.AspNetCore.Identity.SignInResult.Failed)
                // Handle failure
                // Get the number of attempts left
                var attemptsLeft = UserManager.Options.Lockout.MaxFailedAccessAttempts - await UserManager.GetAccessFailedCountAsync(userObj);
                errorMessage = $"Invalid Login Attempt. Remaining Attempts : {attemptsLeft}";
            errorMessage = "Your account is blocked";
    catch (Exception ex)
        errorMessage = "Error: Invalid login attempt. Please check again.";
    isLoading = false;


public class TokenService
    private readonly string _secretKey;
    private readonly string _issuer;
    private readonly string _audience;

    public TokenService(string secretKey, string issuer, string audience)
        _secretKey = secretKey;
        _issuer = issuer;
        _audience = audience;

    // Method to generate JWT token
    public string GenerateToken(string username)
        var claims = new[]
        new Claim(ClaimTypes.Name, username),
        // Add other claims as needed

        var key = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(_secretKey));
        var creds = new SigningCredentials(key, SecurityAlgorithms.HmacSha256);

        var token = new JwtSecurityToken(
            issuer: _issuer,
            audience: _audience,
            claims: claims,
            expires: DateTime.Now.AddHours(1),
            signingCredentials: creds

        return new JwtSecurityTokenHandler().WriteToken(token);

    // Method to validate token and extract user info
    public ClaimsPrincipal ValidateToken(string token)
        var key = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(_secretKey));
        var handler = new JwtSecurityTokenHandler();
            var principal = handler.ValidateToken(token, new TokenValidationParameters
                ValidateIssuer = true,
                ValidateAudience = true,
                ValidIssuer = _issuer,
                ValidAudience = _audience,
                IssuerSigningKey = key
            }, out var validatedToken);

            return principal;
            return null;

在项目 B 中,我对 SignalR 进行了以下实现:

public class NotificationHub : Hub
    private static readonly ConcurrentDictionary<string, List<string>> UserConnections = new();

    public override Task OnConnectedAsync()
        var userEmail = Context.User?.FindFirst(ClaimTypes.Email)?.Value;
        //var userName = Context.User?.Identity?.Name; // Assuming the username is stored in the Name claim

        if (!string.IsNullOrEmpty(userEmail))
               new List<string> { Context.ConnectionId }, // Add a new list with the current connection ID
               (key, existingConnections) =>
                   if (!existingConnections.Contains(Context.ConnectionId))
                       existingConnections.Add(Context.ConnectionId); // Add the connection ID to the existing list
                   return existingConnections;

        return base.OnConnectedAsync();

    public override Task OnDisconnectedAsync(Exception exception)
        var userEmail = Context.User?.FindFirst(ClaimTypes.Email)?.Value;
        var connectionID = Context.ConnectionId;

        if (!string.IsNullOrEmpty(userEmail))
            if (UserConnections.TryGetValue(userEmail, out var connections))
                // Remove the specific connection ID

                // If no more connections exist for this user, remove the user entry from the dictionary
                if (connections.Count == 0)
                    UserConnections.TryRemove(userEmail, out _);

        return base.OnDisconnectedAsync(exception);

    public async Task SubscribeToTouchSiteGroup(Guid siteId)
        await Groups.AddToGroupAsync(Context.ConnectionId, SignalR_Method.TouchSiteGroup + "_" + siteId);

    public async Task UnSubscribeFromTouchSiteGroup(Guid siteId)
        await Groups.RemoveFromGroupAsync(Context.ConnectionId, SignalR_Method.TouchSiteGroup + "_" + siteId);


public class LocalStorageService
    private readonly IJSRuntime _jsRuntime;

    public LocalStorageService(IJSRuntime jsRuntime)
        _jsRuntime = jsRuntime;

    public async Task SetItemAsync(string key, string value)
        await _jsRuntime.InvokeVoidAsync("localStorageHelper.setItem", key, value);

    public async Task<string> GetItemAsync(string key)
        return await _jsRuntime.InvokeAsync<string>("localStorageHelper.getItem", key);

    public async Task RemoveItemAsync(string key)
        await _jsRuntime.InvokeVoidAsync("localStorageHelper.removeItem", key);

    public async Task ClearAsync()
        await _jsRuntime.InvokeVoidAsync("localStorageHelper.clear");

JWT 本地存储的 JS 脚本:

//////////////////////////////////Code for JWT Local Storage///////////////////////////////////////////

window.localStorageHelper = {
    setItem: function (key, value) {
        localStorage.setItem(key, value);
    getItem: function (key) {
        return localStorage.getItem(key);
    removeItem: function (key) {
    clear: function () {

然后我有集中服务,将用于共享数据和启动 SignalR 连接:(字符串 baseUrl,字符串 hubPath)作为参数从每个应用程序传递,指定打开集线器连接以进行接收。意味着项目 C 将为项目 D 的 baseURL 打开。

public class ProductNotificationHubService
    private readonly LocalStorageService _localStorageService;

    private HubConnection? _hubConnection;
    /// <summary>
    /// </summary>
    /// <param name="cacheService"></param>
    /// <param name="productService"></param>
    /// <param name="lockManagerService"></param>
    public ProductNotificationHubService(LocalStorageService localStorageService)
        _localStorageService = localStorageService;

    /// <summary>
    /// </summary>
    /// <param name="baseUrl"></param>
    /// <param name="hubPath"></param>
    /// <param name="subscribeToGroup"></param>
    /// <param name="siteId"></param>
    /// <param name="userName"></param>
    /// <returns></returns>
    public async Task<bool> InitializeHubAsync(string baseUrl, string hubPath, string subscribeToGroup, Guid? siteId, string userName)
        UserName = userName;

        // Retrieve token from localStorage
        var token = await _localStorageService.GetItemAsync("jwt_token");

        // Initialize the SignalR connection and pass the token
        _hubConnection = new HubConnectionBuilder()
            .WithUrl(new Uri(new Uri(baseUrl), hubPath), options =>
                options.AccessTokenProvider = () => Task.FromResult(token);

        _hubConnection.On<Guid?, ProductModel, string>(SignalR_Method.TouchProductReceiveNotification, async (siteID, product, messageType) =>
            if (_subscribedMessageTypes.Contains(messageType))
                await HandleNotificationAsync(siteID, product, messageType);

            await _hubConnection.StartAsync();
            await _hubConnection.InvokeAsync(subscribeToGroup, siteId);
            return true;
        catch (Exception ex)
            return false;
            // Handle exception (e.g., log it)

现在在项目 C 和项目 D 中,调用和启动 signalR 连接时我有以下代码:

var baseUrl = "https://localhost:7140"; // Project D's URL in project C for listening
var hubPath = "/notificationHub"; // Path to your hub

await ProductNotificationHubService.InitializeHubAsync(baseUrl, hubPath, SignalR_Method.SubscribeToTouchSiteGroup, Site.Site_ID, _userInfo.UserName)

下面是项目 D 和项目 C 的 Program.cs 文件:


// Register TokenService directly
builder.Services.AddSingleton<TokenService>(provider =>
    new TokenService(

builder.Services.AddAuthentication(options =>
    options.DefaultScheme = IdentityConstants.ApplicationScheme;
    options.DefaultSignInScheme = IdentityConstants.ExternalScheme;
    options.RequireAuthenticatedSignIn = true;
// Cookie based authentication for login validation
.AddCookie(options =>
    options.LoginPath = "/Account/Login/";
    options.LogoutPath = "/Account/Logout/";
    options.AccessDeniedPath = "/Account/AccessDenied";
    options.ReturnUrlParameter = CookieAuthenticationDefaults.ReturnUrlParameter;
    options.Cookie.HttpOnly = true;
    options.SlidingExpiration = true;
    options.ExpireTimeSpan = TimeSpan.FromSeconds(30);
// JWT Bearer Authentication for API or SignalR clients
.AddJwtBearer(options =>
    options.SaveToken = true;
    options.RequireHttpsMetadata = false;
    options.TokenValidationParameters = new TokenValidationParameters
        ValidIssuer = builder.Configuration.GetSection("TokenSettings").GetValue<string>("Issuer"),
        ValidateIssuer = true,
        ValidAudience = builder.Configuration.GetSection("TokenSettings").GetValue<string>("Audience"),
        ValidateAudience = true,
        IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(builder.Configuration.GetSection("TokenSettings").GetValue<string>("Key"))),
        ValidateIssuerSigningKey = true,
        ValidateLifetime = true,
        ClockSkew = TimeSpan.Zero
    options.IncludeErrorDetails = true;

    // Use Authorization header for SignalR
    options.Events = new JwtBearerEvents
        OnMessageReceived = context =>
            // Extract token from query string for SignalR
            var accessToken = context.Request.Query["access_token"];
            if (!string.IsNullOrEmpty(accessToken))
                context.Token = accessToken;
            return Task.CompletedTask;

现在请注意,我当前的身份验证适用于使用 cookie 身份验证的两个应用程序,我想继续使用它。只想对 SignalR 使用 JWT 身份验证才能获取 Context 详细信息 (

var userEmail = Context.User?.FindFirst(ClaimTypes.Email)?.Value;

现在,我面临的问题仍然是相同的,JWT 令牌被添加到本地存储中,但是,在 Program.cs 文件中,我总是得到下面的空字符串:

// Extract token from query string for SignalR
var accessToken = context.Request.Query["access_token"];
if (!string.IsNullOrEmpty(accessToken))
   context.Token = accessToken;


由于您使用的是自定义 jwt 令牌服务,因此您需要为其添加自定义方案。请如下更改您的设置。

builder.Services.AddAuthentication(options =>
    options.DefaultScheme = IdentityConstants.ApplicationScheme;
    options.DefaultSignInScheme = IdentityConstants.ExternalScheme;
    options.RequireAuthenticatedSignIn = true;
// add below settings for signalr
.AddJwtBearer("SignalRJwtScheme", options =>
    options.TokenValidationParameters = new TokenValidationParameters
        ValidateIssuer = true,
        ValidateAudience = true,
        ValidateLifetime = true,
        ValidateIssuerSigningKey = true,
        ValidIssuer = builder.Configuration.GetSection("TokenSettings").GetValue<string>("Issuer"),
        ValidAudience = builder.Configuration.GetSection("TokenSettings").GetValue<string>("Audience"),
        IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(builder.Configuration.GetSection("TokenSettings").GetValue<string>("Key"))),
// Cookie based authentication for login validation
.AddCookie(options =>
    options.LoginPath = "/Account/Login/";
    options.LogoutPath = "/Account/Logout/";
    options.AccessDeniedPath = "/Account/AccessDenied";
    options.ReturnUrlParameter = CookieAuthenticationDefaults.ReturnUrlParameter;
    options.Cookie.HttpOnly = true;
    options.SlidingExpiration = true;
    options.ExpireTimeSpan = TimeSpan.FromSeconds(30);


[Authorize(AuthenticationSchemes = "SignalRJwtScheme")]
public class NotificationHub : Hub


