3

I was playing with the open authentication in MVC5 and SignalR. I use a javascript client to call a simple server method on SignalR and receive a reply from Server. It works well, but if I add the [Authorize] tag, it does not even call the server method (did not get any response while debugging).

My assumption was the server will use the Authentication mechanism to challenge the client. Am I missing anything? Do I have to manually authenticate the user from the client side and if so how do I pass the authentication token?

Here's my hub:

    [HubName("authChatHub")]
    public class AuthChatHub : Hub
    {
        [Authorize]
        public void Ping()
        {
            Clients.Caller.Pong("Connection is FINE!!");

            Clients.Caller.Pong(Context.User == null 
              ? "Null user" 
              : Context.User.Identity.IsAuthenticated.ToString());
        }
    }

Here's my Startup.Auth.cs

    public void ConfigureAuth(IAppBuilder app)
        {
           app.UseGoogleAuthentication();
        }

Here's the Startup.cs, using the code to enable CORS. 

public partial class Startup
    {
        public void Configuration(IAppBuilder app)
        {
            ConfigureAuth(app); //added this after a suggestion here, not sure if this is the right place. 

            app.Map("/signalr", map =>
            {
                map.UseCors(CorsOptions.AllowAll);
                var hubConfiguration = new HubConfiguration
                {
                    // EnableJSONP = true //empty for now
                };

                map.RunSignalR(hubConfiguration);
            });
        }
    }

And finally this client side code calls the hub method and listens to the server RPC. 

this.sendMessage = () => {
            this.authChat.server.ping();
        };
this.authChat.client.pong = (message) => { console.log(message); };
Improve this question

4 Answers 4

Reset to default
2

You have to use Forms or windows authentication as you would use is any other asp.net application. Once you are authenticated your calls would work in the same way as they did before you putting [Authorize]attribute on the hub.

SignalR does not itself deal with authentication.

You will have to authenticate first then send the token to server, I think this link can help you achieve what you want to do.

Improve this answer
Sign up to request clarification or add additional context in comments.

2 Comments

It's exactly not what I want to do.
I had a long discussion on stackoverflow.com/questions/20272611/… about signalr authentication and authorization. I can say signalR does not dwell in Authentication or Authorization. I have updated my answer above, hope it helps. You may also want to look at this post stackoverflow.com/questions/16190148/… .
1

you can add your authentication token into the querystring which will be passed into server when java script client initial the connection to signalr server.

client side: connection.qs = { 'Token' : 'your token string'};

server side: var Token = IRequest.QueryString["Token"];

Improve this answer

Comments

0

You can use Bearer Token to authenticate and then track the authenticated user using a Cookie. Then, your SignalR requests will contain the cookie and SignalR stack will recognize the user and handle all your [Authorize] configurations

There is a sample here

Improve this answer

1 Comment

This will not work. At this moment, AuthorizeEchoHub.cshtml calls startSignalR() but there is no such method that accepts 0 arg
-1

The Authorize attribute specified in the hub method will make it available only to authenticated users.

When you apply the Authorize attribute to a hub class, the specified authorization requirement is applied to all of the methods in the hub

http://www.asp.net/signalr/overview/signalr-20/security/hub-authorization

Improve this answer

8 Comments

I've seen that page, what is not clear to me is how to authorize users in javascript client.
The million dollar question, what authentication scheme are you using? If the answer is "I don't know" then that's the problem. There's cookie based auth (forms auth), basic auth, windows auth.. the list goes on. Once you know what authentication scheme you're using then we can talk about the [Authorize] attribute.
I'm trying to use Google auth that comes with MVC5, I have the code in Startup.Auth.cs in the question.
Make sure you call MapSignalR after calling ConfigureAuth
@dfowler, I'll try it, but could you please explain how the auth should work. For a javascript client (e.g. html5/js app in mobile) do I have to authenticate and then add the token to the request header manually?
|

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.