堆栈内存溢出
  简体   繁体   English

为什么 GraphQL.Net HttpConext 没有正确的用户 session?

[英]Why does GraphQL .Net HttpConext not have the correct user session?

 原文  2020-11-30 00:45:57       graphql-dotnet/ graphql.net

问题描述

I am using GraphQL .net to respond to graphql queries on the backend of an Asp.net Core website.我正在使用GraphQL .net来响应 Z84ACF19393F20C1ECZBEE91B7 网站后端的 graphql 查询。 All the cookies seem to be passed with the requests but for some reason my graphql.net requests do not have the proper user session set on the HttpContext.所有 cookies 似乎都与请求一起传递,但由于某种原因,我的 graphql.net 请求没有在 HttpContext 上设置正确的用户 session。 The ClaimPrincipal is mostly empty via graphql.net while my Asp.net Core WebApi/Mvc style endpoints have the correct principal with user id even though both GraphQl.Net requests and non-graphql.net requests are happening at the same time. ClaimPrincipal通过 graphql.net 大部分是空的,而我的 Asp.net Core WebApi/Mvc 样式端点具有正确的主体和用户 ID,即使 GraphQl.Net 请求和非 graphql.net 请求同时发生。

I checked the payload and all the same cookies are passed in both requests.我检查了有效负载,所有相同的 cookies 都在两个请求中传递。 So it makes me wonder why are my regular WebApi endpoints able to (auto-magically) get the claims principal and why can't the graph.net endpoints do the same.所以这让我想知道为什么我的常规 WebApi 端点能够(自动)获得声明主体,为什么 graph.net 端点不能这样做。 As far as I know from previous usages of GraphQl.net I wasn't aware that any special session code had to be added (other than passing the user from the HttpContext to graphQL.net).据我从 GraphQl.net 以前的用法中知道,我不知道必须添加任何特殊的 session 代码(除了将用户从 HttpContext 传递到 graphQL.net)。 I've been reading through GraphQL.Net and Asp.net core source code and docs, but so far I haven't found any obvious offenses or leads.我一直在阅读 GraphQL.Net 和 Asp.net 核心源代码和文档,但到目前为止我还没有发现任何明显的违规或线索。

What might cause some issue like this?什么可能导致这样的问题? what are some common causes?有哪些常见原因? Should I just try to figure out how to manually read in the cookie to Asp.net core and pull the principal?我是否应该尝试弄清楚如何手动将 cookie 读取到 Asp.net 内核并拉出主体?

Perhaps I'm missing a special header value?也许我错过了一个特殊的 header 值? I don't think the headers are weird but I haven't done a side by side comparison between the headers in graphql.net and asp.net core requests.我不认为标题很奇怪,但我没有对 graphql.net 中的标题和 asp.net 核心请求中的标题进行并排比较。

In this snippet is where I first detect a problem.在这个片段中,我首先发现了一个问题。 If I put a breakpoint here then the claimsprinical isn't correctly set for the current user session.如果我在此处设置断点,则没有为当前用户 session 正确设置声明原则。 And also later when I access the HttpContext the user session is not correct for graphql.net requests.后来当我访问 HttpContext 时,用户 session 对 graphql.net 请求不正确。

public static GraphQLUserContext InitializeFromContext(HttpContext httpContext)
{
       return new GraphQLUserContext
       {
            User = httpContext.User,
       };
}

Here's part of the Graphql.net configuration:这是 Graphql.net 配置的一部分:

services.AddGraphQL((options, provider) =>
                {
                    options.EnableMetrics = _env.IsDevelopment();
                    var logger = provider.GetRequiredService<ILogger<WebDependencyInjectionConfig>>();
                    options.UnhandledExceptionDelegate = ctx => logger.LogError("{Error} occurred", ctx.OriginalException.Message);
                })
                .AddErrorInfoProvider(opt =>
                {
                    opt.ExposeExceptionStackTrace = _env.IsDevelopment();
                    opt.ExposeCodes = _env.IsDevelopment();
                    opt.ExposeCode = _env.IsDevelopment();
                    opt.ExposeData = _env.IsDevelopment();
                    opt.ExposeExtensions = _env.IsDevelopment();
                })
                .AddSystemTextJson()

                .AddUserContextBuilder(GraphQLUserContext.InitializeFromContext)
                .AddGraphTypes(typeof(PrimarySchema), ServiceLifetime.Scoped);

I'll gladly provide any requested configuration if anyone wants it, but there is a lot of possible code it touches.如果有人需要,我很乐意提供任何请求的配置,但它涉及到很多可能的代码。 Thanks!谢谢!

1 个解决方案

解决方案1
 1 已采纳  2020-11-30 21:56:23

What does your Configure method look like?您的Configure方法是什么样的? Is your app.UseAuthentication() before your GraphQL middleware configuration?您的app.UseAuthentication()您的 GraphQL 中间件配置之前吗?

public void Configure(IApplicationBuilder app)
{
    app.UseAuthentication();
    app.UseAuthorization();

    app.UseGraphQL<MySchema>();
}

https://github.com/dotnet/aspnetcore/blob/790c4dc2cf59e16e6144f7790328d563ca310533/src/Security/samples/Cookies/Startup.cs#L45-L66 https://github.com/dotnet/aspnetcore/blob/790c4dc2cf59e16e6144f7790328d563ca310533/src/Security/samples/Cookies/Startup.cs#L45-L66

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 GraphQL.Net 自定义扩展 - GraphQL .Net Custom Extensions GraphQL.NET:如何使用IValidationRule查找完整的字段路径 - GraphQL.NET: How to find the full field path using IValidationRule 如何在 ASP.NET Core GraphQL 中访问嵌套字段中的参数 - How to access arguments in nested fields in ASP.NET Core GraphQL 如何在 Resolver 函数级别使用 GraphQL.NET 实现授权? - How to implement authorization using GraphQL.NET at Resolver function level? 用Graphql-dotnet上传ASP.NET核心文件 - Asp.net core file upload with Graphql-dotnet 使用 JWT 使用 Asp.net 核心进行 GraphQL 身份验证 - GraphQL authentication with Asp.net core using JWT 对于 .NET 和 EF Core 3.0,使用 GraphQL 进行并行异步查询 - Parallel async queries with GraphQL for .NET and EF Core 3.0 在asp.net core 2 graphql端点的情况下,如何提取请求标头并将其传递给业务逻辑? - How to extract request headers and pass it to the business logic in case of asp.net core 2 graphql endpoint? 在GraphQL .NET中,如何指定查询可以采用可选参数? - In GraphQL .NET, how do I specify that a query can take optional parameters? GraphQL字段的参数重载 - argument overloads for GraphQL field
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM