1

Since I am rather new to SignalR and couldn't really find anything online, I want to ask my questions here.

I use SignalR with C# and .NET Framework and want to implement a function in which I can log in with username and password to the host/hubs with specific roles, but I couldn't really find anything helpful in this regard in the Microsoft Docs. (https://learn.microsoft.com/en-us/aspnet/signalr/overview/security/hub-authorization)

So my question is:

  • How can I implement authentication on my SignalR host, and is it possible to reject a connection if the username and password which are sent to the host aren't correct?

Thanks for the help
DerDane

1 Answer

2

I use an Attribute for that:

using System;
using System.Web;
using System.Web.Mvc;

// Authorizes a request when the user holds at least one of the given roles.
public class AuthorizeRolesAttribute : AuthorizeAttribute
{
    public AuthorizeRolesAttribute(params string[] roles)
    {
        this.Roles = string.Join(",", roles);
    }

    // AuthorizeCore(HttpContextBase) is the override point of System.Web.Mvc.AuthorizeAttribute.
    protected override bool AuthorizeCore(HttpContextBase httpContext)
    {
        if (httpContext == null)
        {
            throw new ArgumentNullException(nameof(httpContext));
        }

        // Authorize as soon as the user is found in one of the configured roles.
        var roles = this.Roles.Split(new [] { ',' }, StringSplitOptions.RemoveEmptyEntries);
        foreach (var role in roles)
        {
            if (httpContext.User.IsInRole(role))
            {
                return true;
            }
        }

        return false;
    }
}

Usage:

[AuthorizeRoles("Admin")]
public class ExampleHub...

UPDATE

  1. Authentication is not a trivial topic. If you want to dive deeper into it, take a look at https://learn.microsoft.com/en-us/aspnet/core/security/authentication/?view=aspnetcore-6.0 to understand how to authenticate a user. Then, at https://learn.microsoft.com/en-us/aspnet/core/security/authorization/roles?view=aspnetcore-6.0 you can see how roles are associated with a previously authenticated identity. Generally, you will never do this manually. You use existing frameworks, which are already proven. In httpContext.User.Identity you have access to your identity, the logged-in user. I think it can be very interesting for you to understand the pipeline of ASP.NET. Search for "asp net pipeline diagram" and also check this https://learn.microsoft.com/en-us/aspnet/core/fundamentals/middleware/?view=aspnetcore-6.0 for more information about the middleware. There is a lot going on behind the scenes. You can just use them, but it's always interesting to know them to a greater or lesser extent.

  2. You define the roles. If your application is to manage a restaurant, you can create roles such as "waiter", "cook"... while in an educational center they can be "teacher", "student", "director", etc.

You can get a list of roles like this:

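// Requires: using System.Linq; using Microsoft.AspNet.Identity; using Microsoft.AspNet.Identity.EntityFramework;
// context is the application's Identity DbContext.
var roleStore = new RoleStore<IdentityRole>(context);
var roleMngr = new RoleManager<IdentityRole>(roleStore);
var roles = roleMngr.Roles.ToList();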
  3. To add a role to a user, you can use UserManager.AddToRole.
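
An added example, not part of the answer above: the same role check written against SignalR 2's own `Microsoft.AspNet.SignalR.AuthorizeAttribute`, whose override point is `UserAuthorized(IPrincipal)`, so that a failed check rejects the hub connection itself. The attribute name `HubAuthorizeRolesAttribute` and the `WhoAmI` method are hypothetical, and it assumes an authentication middleware has already validated the credentials and set the user's roles.

```csharp
using System.Linq;
using System.Security.Principal;
using Microsoft.AspNet.SignalR;
using Owin;

// Hypothetical name. Derives from SignalR's AuthorizeAttribute, not the MVC one.
public sealed class HubAuthorizeRolesAttribute : AuthorizeAttribute
{
    private readonly string[] _roles;

    public HubAuthorizeRolesAttribute(params string[] roles)
    {
        _roles = roles ?? new string[0];
        Roles = string.Join(",", _roles);
    }

    // SignalR calls this when the client connects to the hub and again on each
    // hub method invocation; returning false rejects the connection or call.
    protected override bool UserAuthorized(IPrincipal user)
    {
        if (user == null || user.Identity == null || !user.Identity.IsAuthenticated)
        {
            return false; // anonymous callers are always refused
        }
        return _roles.Length == 0 || _roles.Any(user.IsInRole);
    }
}

[HubAuthorizeRoles("Admin")]
public class ExampleHub : Hub
{
    // Context.User is the principal set by the authentication middleware.
    public string WhoAmI()
    {
        return Context.User.Identity.Name;
    }
}

public class Startup
{
    public void Configuration(IAppBuilder app)
    {
        // Assumption: an authentication middleware (cookies, Windows auth, ...) is
        // registered before this point; it is what validates username and password.
        GlobalHost.HubPipeline.RequireAuthentication(); // no anonymous hub access
        app.MapSignalR();
    }
}
```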

1 Comment

Thanks for the quick answer. But I still have some questions on this code sample: 1. How exactly does the host now know which client gets the Admin role (and how can I add new roles with certain privileges)? 2. What do I need to do to let the host know which roles can be acquired? 3. And what do I need to do in the client to get a role? Sorry if I am asking too many questions, but I am relatively interested in the topic. Many thanks for the help.
