SignalR authentication with javascript client

I was playing with the open authentication in MVC5 and SignalR. I use a javascript client to call a simple server method on SignalR and receive a reply from Server. It works well, but if I add the [Authorize] tag, it does not even call the server method (did not get any response while debugging).

My assumption was the server will use the Authentication mechanism to challenge the client. Am I missing anything? Do I have to manually authenticate the user from the client side and if so how do I pass the authentication token?

Here's my hub:

    [HubName("authChatHub")]
    public class AuthChatHub : Hub
    {
        [Authorize]
        public void Ping()
        {
            Clients.Caller.Pong("Connection is FINE!!");

            Clients.Caller.Pong(Context.User == null 
              ? "Null user" 
              : Context.User.Identity.IsAuthenticated.ToString());
        }
    }

Here's my Startup.Auth.cs

    public void ConfigureAuth(IAppBuilder app)
        {
           app.UseGoogleAuthentication();
        }

Here's the Startup.cs, using the code to enable CORS.

public partial class Startup
    {
        public void Configuration(IAppBuilder app)
        {
            ConfigureAuth(app); //added this after a suggestion here, not sure if this is the right place. 

            app.Map("/signalr", map =>
            {
                map.UseCors(CorsOptions.AllowAll);
                var hubConfiguration = new HubConfiguration
                {
                    // EnableJSONP = true //empty for now
                };

                map.RunSignalR(hubConfiguration);
            });
        }
    }

And finally this client side code calls the hub method and listens to the server RPC.

this.sendMessage = () => {
            this.authChat.server.ping();
        };
this.authChat.client.pong = (message) => { console.log(message); };

I've seen that page, what is not clear to me is how to authorize users in javascript client.

The million dollar question, what authentication scheme are you using? If the answer is "I don't know" then that's the problem. There's cookie based auth (forms auth), basic auth, windows auth.. the list goes on. Once you know what authentication scheme you're using then we can talk about the [Authorize] attribute.

I'm trying to use Google auth that comes with MVC5, I have the code in Startup.Auth.cs in the question.

Make sure you call MapSignalR after calling ConfigureAuth

@dfowler, I'll try it, but could you please explain how the auth should work. For a javascript client (e.g. html5/js app in mobile) do I have to authenticate and then add the token to the request header manually?

No, when you do the handshake (redirect to google and come back to your site) you should be authenticated.

It's exactly not what I want to do.

@dfowler, I have added some extra code. Please take a look. I think I'm missing something somewhere. I expect when the client side calls the server.pong() the server should challenge the client to log in. As mentioned before it works without the authorize.

Ye, that assumption is completely wrong. Who is performing the challenge?

I had a long discussion on stackoverflow.com/questions/20272611/… about signalr authentication and authorization. I can say signalR does not dwell in Authentication or Authorization. I have updated my answer above, hope it helps. You may also want to look at this post stackoverflow.com/questions/16190148/… .

This will not work. At this moment, AuthorizeEchoHub.cshtml calls startSignalR() but there is no such method that accepts 0 arg